CVE-2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.
Configurations

Configuration 1 (hide)

cpe:2.3:a:courier-mta:courier_mail_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:16

Type Values Removed Values Added
References () https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 - Third Party Advisory () https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 - Third Party Advisory
References () https://sourceforge.net/p/courier/mailman/message/37329216/ - Third Party Advisory () https://sourceforge.net/p/courier/mailman/message/37329216/ - Third Party Advisory

Information

Published : 2021-08-03 22:15

Updated : 2024-11-21 06:16


NVD link : CVE-2021-38084

Mitre link : CVE-2021-38084

CVE.ORG link : CVE-2021-38084


JSON object : View

Products Affected

courier-mta

  • courier_mail_server
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')