CVE-2011-1432
NONE EPSS 81.0%
Published Mar 16, 201115y ago · Modified Jun 16, 20262w ago
Published Mar 16, 2011 15y ago
Last Modified Jun 16, 2026 2w ago
Description
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Threat Intelligence
EPSS Exploit Probability
81.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| sco | scoofficeserver | * | any |
References 5
- kb.cert.org http://www.kb.cert.org/vuls/id/555316
- kb.cert.org http://www.kb.cert.org/vuls/id/MAPG-8D9M6A
- securityfocus.com http://www.securityfocus.com/bid/46767
- vupen.com http://www.vupen.com/english/advisories/2011/0613
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/65932
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.