Denial of service vulnerability in STARTTLS implementation in Kerio Connect (windows) 7.1.4 build 2985 and MailServer 6.x
ID: oval:org.secpod.oval:def:611 | Date: (C)2011-04-01 (M)2022-10-10
Class: VULNERABILITY | Family: windows
The host is installed with Kerio Connect 7.1.4 build 2985 or MailServer 6.x and is prone to a denial of service vulnerability. A flaw is present in the application's STARTTLS implementation, which does not properly restrict I/O buffering. Successful exploitation allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions.
Platform:
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP