{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P"}, {"name": "multiple-starttls-command-execution(65932)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"}, {"name": "ADV-2011-0610", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0610"}, {"name": "46767", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46767"}, {"name": "VU#555316", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/555316"}, {"name": "43678", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43678"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1506", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P"}, {"name": "multiple-starttls-command-execution(65932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"}, {"name": "ADV-2011-0610", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0610"}, {"name": "46767", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46767"}, {"name": "VU#555316", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/555316"}, {"name": "43678", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43678"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:28:41.777Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P"}, {"name": "multiple-starttls-command-execution(65932)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"}, {"name": "ADV-2011-0610", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0610"}, {"name": "46767", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46767"}, {"name": "VU#555316", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/555316"}, {"name": "43678", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43678"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1506", "datePublished": "2011-03-22T17:00:00.000Z", "dateReserved": "2011-03-22T00:00:00.000Z", "dateUpdated": "2024-08-06T22:28:41.777Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kerio:connect:7.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5E56E9A-B68C-4E87-8CBF-73AD60794AAC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7D26DCD-85B0-4908-A414-119862437C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B58BAF1-CF68-4F8C-8BCD-FF3C015FE72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B9C9084-B518-44F2-9F65-032A644FEC61", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F55CFA68-E07E-46CE-87F6-00AE9A268CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "58ECCE69-EAB9-427E-8922-F463E184C9F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "20E50A0F-7AFF-4F17-8833-839DDBD538C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9063B23B-E585-41E4-98FF-DF18602C6E6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CB993B9-0CF5-4E71-A612-F3033F4F202B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B079207-FAF3-4FE2-B420-342440958C48", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8A82C0BC-50D5-4FAC-A654-387B49CB7047", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BC1748E-32F0-4144-A597-89E8B8705FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "39C92F3B-23E3-4978-89AA-FC17B8EDF580", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7B1FA201-CBCF-4D61-9848-F661A16EBEF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "0A2154DF-2306-4E8B-B78A-1BF20E697157", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "79C4389A-4BF4-4C38-8FF5-72B92548EFB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "67230E76-2C30-4038-BC5B-BAC02EDDFAC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "FAEA1EB3-5F4F-40D6-833C-225AC348760D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC515E75-119E-4CB9-985E-00E6A9349178", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2FA7CEE3-7D36-4F9D-8AC6-3F4C55D360CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "937A6092-48C9-4721-B069-0B46D3520E36", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F38A0AAC-ACA8-44D3-B36A-741D01BE166F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "08AE0CAA-B5A4-4E3A-B997-A2858E88CCC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E9AC0D46-2096-4006-8FED-A67AFCE2ED98", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F931B5E-6F02-48F6-8DAB-C0D796DFC2A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B391EF70-D407-4087-96CF-B925CA2799B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "23D64B85-51A2-47BC-94A2-8C9980CC573D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D4AB197E-4F2E-4976-B6F7-17EB8A8BFBB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2A8ADC9C-F49D-4CD2-B6DC-63552480646F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "991FC66F-B9F7-4E67-9D90-E56DE26FD85F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F343A3A1-1335-4785-B90E-3C62736A06B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "5605CD2B-8607-446C-94C4-B539C2396FEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B88E6A90-0433-493B-9E68-D0809F8A7B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.1.3_patch_1:*:*:*:*:*:*:*", "matchCriteriaId": "402EE4C7-77D0-4C06-8407-9F69F4059890", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "59830366-4CE8-44A2-9761-FB9226414A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E119E7EB-F7FE-451E-8E7C-BBAB3849DF50", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9B080E7F-7BA8-48A1-B0EC-16B3BE5B183F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A75F2BE-8D1A-4022-823E-16BA42DA02DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BF86DC55-8519-44D5-A7FD-77FA8B2651AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAC7A299-CD9D-4159-A6C5-40F72DA158B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.3.1_p1:*:*:*:*:*:*:*", "matchCriteriaId": "83D02EC9-EF7F-4EBF-A053-1AE7DE164C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.3.1_p2:*:*:*:*:*:*:*", "matchCriteriaId": "2AE229C4-559F-4BB9-AF47-54C43AD03587", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "45649E00-F6B4-4782-A989-D9D5E20FA75B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "178E27A1-7A68-4298-96D8-540E0E77CDAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F30234CC-D865-4F1D-A4C7-FE6D050D2158", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "312EC630-9D21-4560-A57D-77D1704942C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.5.0:patch_1:*:*:*:*:*:*", "matchCriteriaId": "4522E3BF-C7DC-4160-8841-7784C4C575BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB7D282B-ED68-45EB-912E-72F9E85DC23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "609DCDF8-437A-49B1-95FB-5E0ED30E0711", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CD16F9A-6CC4-4FB2-9441-768312DEBB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.6.0:patch_1:*:*:*:*:*:*", "matchCriteriaId": "FE8D55BD-7C1A-455C-8243-01632C0438F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "64099B8F-F609-49D8-932E-8F4040AFFC75", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "39FECD4F-3494-4EB7-A3AF-828E3D6DD5E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A59B047-22D1-4271-AA18-160536A1235F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4106DB61-421B-4F41-8D65-23FE4B6696E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FEA2AB8-AFB6-4AB2-B358-BD76CDD6B9B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "521CB164-8072-46CB-994E-6BC99863AB59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La implementaci\u00f3n STARTTLS en Kerio Connect v7.1.4 build 2985 y MailServer v6.x no restringe de forma adecuada el b\u00fafer I/O, lo que permite atacantes \"man-in-the-middle\" insertar comandos en las sesiones SMTP cifrado mediante el env\u00edo de un comando de texto plano que se procesa despu\u00e9s de TLS en su lugar, en relaci\u00f3n con un ataque \"inyecci\u00f3n de comandos de texto claro\", un problema similar a CVE-2011-0411. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."}], "id": "CVE-2011-1506", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-22T17:55:04.377", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43678"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/555316"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46767"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0610"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/555316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/MAPG-8D9M4P"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46767"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65932"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}