Description

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

Remediation

References

CVE-2014-3556

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)

Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2021-24122)

WordPress Plugin GiveWP-Donation and Fundraising Platform SQL Injection (2.5.0)

WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)

WordPress Plugin Upload File Type Settings Cross-Site Scripting (1.1)

Severity

Medium

Classification

CVE-2014-3556 CWE-138

Tags

Missing Update Known Vulnerabilities