CVE-2014-3556

{"id": "CVE-2014-3556", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-29T20:59:03.943", "references": [{"url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://nginx.org/download/patch.2014.starttls.txt", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a \"plaintext command injection\" attack, a similar issue to CVE-2011-0411."}, {"lang": "es", "value": "La implementaci\u00f3n STARTTLS en mail/ngx_mail_smtp_handler.c en el proxy SMTP en nginx 1.5.x y 1.6.x anterior a 1.6.1 y 1.7.x anterior a 1.7.4 no restringe adecuadamente el buffer I/O, lo que permite ataques man-in-the-middle insertar comandos en sesiones cifradas SMTP enviando el comando cleartext que se procesa despu\u00e9s que TLS, relacionado a un ataque 'inyecci\u00f3n de comando de texto plano', un problema similar a CVE-2011-0411"}], "lastModified": "2021-11-10T15:59:33.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "091FA427-14F1-480B-9AF7-BEDE2B95F554", "versionEndExcluding": "1.6.1", "versionStartIncluding": "1.5.6"}, {"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E907E772-8057-4A01-97E5-B930769CFAD2", "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}