CVE-2021-38084
Published 2021-08-03
Priority: P3 (44), high; CVSS 3.1: 8.1
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.36% (68.2th percentile)
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| courier-mta | courier_mail_server | < 1.1.5 | 1.1.5 |
| courier-mta | courier_mail_server | >= 0 < 1.3.13-1 | 1.3.13-1 |
| courier-mta | courier_mail_server | >= 0 < 1.3.13-1 | 1.3.13-1 |
| debian | courier | < courier 1.3.13-1 (forky) | courier 1.3.13-1 (forky) |
CVSS provenance
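| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.1 | HIGH | |
| vendor_debian | | 8.1 | HIGH | |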
GHSA
GHSA-m7r5-gh9x-xg9m: An issue was discovered in the POP3 component of Courier Mail Server before 1
ghsa_unreviewed·2022-05-24
CVE-2021-38084 [HIGH] CWE-74
OSV
CVE-2021-38084: An issue was discovered in the POP3 component of Courier Mail Server before 1
osv·2021-08-03·CVSS 8.1
CVE-2021-38084 [HIGH]
Debian
CVE-2021-38084: courier - An issue was discovered in the POP3 component of Courier Mail Server before 1.1....
vendor_debian·2021·CVSS 8.1
CVE-2021-38084 [HIGH]
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.3.13-1)
sid: resolved (fixed in 1.3.13-1)
trixie: resolved (fixed in 1.3.13-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583
https://sourceforge.net/p/courier/mailman/message/37329216/