CVE-2011-1926

NONE EPSS 89.3%
Published May 23, 2011 (15y ago) · Last Modified Jun 16, 2026 (2w ago)

Description

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Threat Intelligence

EPSS Exploit Probability
89.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 35

Vendor  Product            Version   Range
cmu     cyrus_imap_server  *         ≤2.4.6
cmu     cyrus_imap_server  2.0.17    any
cmu     cyrus_imap_server  2.1.16    any
cmu     cyrus_imap_server  2.1.17    any
cmu     cyrus_imap_server  2.1.18    any
cmu     cyrus_imap_server  2.2.8     any
cmu     cyrus_imap_server  2.2.9     any
cmu     cyrus_imap_server  2.2.10    any
cmu     cyrus_imap_server  2.2.11    any
cmu     cyrus_imap_server  2.2.12    any
cmu     cyrus_imap_server  2.2.13    any
cmu     cyrus_imap_server  2.2.13p1  any
cmu     cyrus_imap_server  2.3.0     any
cmu     cyrus_imap_server  2.3.1     any
cmu     cyrus_imap_server  2.3.2     any
cmu     cyrus_imap_server  2.3.3     any
cmu     cyrus_imap_server  2.3.4     any
cmu     cyrus_imap_server  2.3.5     any
cmu     cyrus_imap_server  2.3.6     any
cmu     cyrus_imap_server  2.3.7     any
cmu     cyrus_imap_server  2.3.8     any
cmu     cyrus_imap_server  2.3.9     any
cmu     cyrus_imap_server  2.3.10    any
cmu     cyrus_imap_server  2.3.11    any
cmu     cyrus_imap_server  2.3.12    any
cmu     cyrus_imap_server  2.3.13    any
cmu     cyrus_imap_server  2.3.14    any
cmu     cyrus_imap_server  2.3.15    any
cmu     cyrus_imap_server  2.3.16    any
cmu     cyrus_imap_server  2.4.0     any
cmu     cyrus_imap_server  2.4.1     any
cmu     cyrus_imap_server  2.4.2     any
cmu     cyrus_imap_server  2.4.3     any
cmu     cyrus_imap_server  2.4.4     any
cmu     cyrus_imap_server  2.4.5     any

References 20

Remediation