What is the severity of CVE-2011-1506?

CVE-2011-1506 is classified as a medium severity vulnerability due to its potential to allow man-in-the-middle attacks during encrypted SMTP sessions.

How do I fix CVE-2011-1506?

To fix CVE-2011-1506, update your Kerio Connect or Kerio MailServer to the latest version that addresses this vulnerability.

What systems are affected by CVE-2011-1506?

CVE-2011-1506 affects Kerio Connect version 7.1.4 and several versions of Kerio MailServer from 5.0 to 6.7.3.

Can a man-in-the-middle attack exploit CVE-2011-1506?

Yes, CVE-2011-1506 allows an attacker to insert commands into an encrypted SMTP session, enabling man-in-the-middle attacks.

Is there a workaround for CVE-2011-1506 if I cannot update?

If an update is not possible, consider implementing additional network security measures to monitor and restrict unauthorized access.

Vulnerability/
CVE-2011-1506

medium

6.8

CWE

20 77

22/3/2011

6/8/2024

CVE-2011-1506: Input Validation

First published: Tue Mar 22 2011(Updated: )

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
GFI KerioConnect	=7.1.4
Kerio MailServer	=5.0
Kerio MailServer	=5.1
Kerio MailServer	=5.1.1
Kerio MailServer	=5.6.3
Kerio MailServer	=5.6.4
Kerio MailServer	=5.6.5
Kerio MailServer	=5.7.0
Kerio MailServer	=5.7.1
Kerio MailServer	=5.7.2
Kerio MailServer	=5.7.3
Kerio MailServer	=5.7.4
Kerio MailServer	=5.7.5
Kerio MailServer	=5.7.6
Kerio MailServer	=5.7.7
Kerio MailServer	=5.7.8
Kerio MailServer	=5.7.9
Kerio MailServer	=5.7.10
Kerio MailServer	=6.0
Kerio MailServer	=6.0.0
Kerio MailServer	=6.0.1
Kerio MailServer	=6.0.2
Kerio MailServer	=6.0.3
Kerio MailServer	=6.0.4
Kerio MailServer	=6.0.5
Kerio MailServer	=6.0.6
Kerio MailServer	=6.0.7
Kerio MailServer	=6.0.8
Kerio MailServer	=6.0.9
Kerio MailServer	=6.0.10
Kerio MailServer	=6.1.1
Kerio MailServer	=6.1.2
Kerio MailServer	=6.1.3
Kerio MailServer	=6.1.3_patch_1
Kerio MailServer	=6.1.4
Kerio MailServer	=6.2.0
Kerio MailServer	=6.2.1
Kerio MailServer	=6.2.2
Kerio MailServer	=6.3.0
Kerio MailServer	=6.3.1
Kerio MailServer	=6.3.1_p1
Kerio MailServer	=6.3.1_p2
Kerio MailServer	=6.4.0
Kerio MailServer	=6.4.1
Kerio MailServer	=6.4.2
Kerio MailServer	=6.5.0
Kerio MailServer	=6.5.0-patch_1
Kerio MailServer	=6.5.1
Kerio MailServer	=6.5.2
Kerio MailServer	=6.6.0
Kerio MailServer	=6.6.0-patch_1
Kerio MailServer	=6.6.1
Kerio MailServer	=6.6.2
Kerio MailServer	=6.7.0
Kerio MailServer	=6.7.1
Kerio MailServer	=6.7.2
Kerio MailServer	=6.7.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-1506?
CVE-2011-1506 is classified as a medium severity vulnerability due to its potential to allow man-in-the-middle attacks during encrypted SMTP sessions.
How do I fix CVE-2011-1506?
To fix CVE-2011-1506, update your Kerio Connect or Kerio MailServer to the latest version that addresses this vulnerability.
What systems are affected by CVE-2011-1506?
CVE-2011-1506 affects Kerio Connect version 7.1.4 and several versions of Kerio MailServer from 5.0 to 6.7.3.
Can a man-in-the-middle attack exploit CVE-2011-1506?
Yes, CVE-2011-1506 allows an attacker to insert commands into an encrypted SMTP session, enabling man-in-the-middle attacks.
Is there a workaround for CVE-2011-1506 if I cannot update?
If an update is not possible, consider implementing additional network security measures to monitor and restrict unauthorized access.

agent/weakness
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/kerio
canonical/gfi kerioconnect
version/gfi kerioconnect/7.1.4
canonical/kerio mailserver
version/kerio mailserver/5.0
version/kerio mailserver/5.1
version/kerio mailserver/5.1.1
version/kerio mailserver/5.6.3
version/kerio mailserver/5.6.4
version/kerio mailserver/5.6.5
version/kerio mailserver/5.7.0
version/kerio mailserver/5.7.1
version/kerio mailserver/5.7.2
version/kerio mailserver/5.7.3
version/kerio mailserver/5.7.4
version/kerio mailserver/5.7.5
version/kerio mailserver/5.7.6
version/kerio mailserver/5.7.7
version/kerio mailserver/5.7.8
version/kerio mailserver/5.7.9
version/kerio mailserver/5.7.10
version/kerio mailserver/6.0
version/kerio mailserver/6.0.0
version/kerio mailserver/6.0.1
version/kerio mailserver/6.0.2
version/kerio mailserver/6.0.3
version/kerio mailserver/6.0.4
version/kerio mailserver/6.0.5
version/kerio mailserver/6.0.6
version/kerio mailserver/6.0.7
version/kerio mailserver/6.0.8
version/kerio mailserver/6.0.9
version/kerio mailserver/6.0.10
version/kerio mailserver/6.1.1
version/kerio mailserver/6.1.2
version/kerio mailserver/6.1.3
version/kerio mailserver/6.1.3_patch_1
version/kerio mailserver/6.1.4
version/kerio mailserver/6.2.0
version/kerio mailserver/6.2.1
version/kerio mailserver/6.2.2
version/kerio mailserver/6.3.0
version/kerio mailserver/6.3.1
version/kerio mailserver/6.3.1_p1
version/kerio mailserver/6.3.1_p2
version/kerio mailserver/6.4.0
version/kerio mailserver/6.4.1
version/kerio mailserver/6.4.2
version/kerio mailserver/6.5.0
version/kerio mailserver/6.5.0-patch_1
version/kerio mailserver/6.5.1
version/kerio mailserver/6.5.2
version/kerio mailserver/6.6.0
version/kerio mailserver/6.6.0-patch_1
version/kerio mailserver/6.6.1
version/kerio mailserver/6.6.2
version/kerio mailserver/6.7.0
version/kerio mailserver/6.7.1
version/kerio mailserver/6.7.2
version/kerio mailserver/6.7.3