Lucene search

[email protected]CVE-2021-38371

HistoryAug 10, 2021 - 3:15 p.m.

CVE-2021-38371

2021-08-1015:15:08

CWE-74

[email protected]

web.nvd.nist.gov

241

cve-2021-38371

exim

starttls

mta

smtp

response injection

buffering

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

JSON

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Affected configurations

NVD

Node

eximeximRange≤4.94.2

CPENameOperatorVersion
exim:eximeximle4.94.2

CPE	Name	Operator	Version
exim:exim	exim	le	4.94.2

References

nostarttls.secvuln.info

www.exim.org

www.exim.org/static/doc/security/CVE-2021-38371.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

JSON

Related for CVE-2021-38371

prion1 amazon1 osv1 debiancve1 alpinelinux1 nessus1 cloudlinux1 openvas1 cvelist1 ubuntucve1 veracode1 nvd1