CVE-2014-3556 in nginxthông tin

Tóm tắt

Bởi MITRE

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!