cbcvebase.
CVE-2021-38084
published 2021-08-03

CVE-2021-38084: An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS…

PriorityP344high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
1.36%
68.2th percentile
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.

Affected

4 ranges
VendorProductVersion rangeFixed in
courier-mtacourier_mail_server< 1.1.51.1.5
courier-mtacourier_mail_server>= 0 < 1.3.13-11.3.13-1
courier-mtacourier_mail_server>= 0 < 1.3.13-11.3.13-1
debiancourier< courier 1.3.13-1 (forky)courier 1.3.13-1 (forky)

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.1HIGH
vendor_debian8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.