STARTTLS.Plaintext.Command.Injection
Description
This indicates an attack attempt against a command execution vulnerability in STARTTLS protocol extension.
The vulnerability is caused by an error when the vulnerable software handles a malicious "STARTTLS" command. It allows a remote attacker to execute arbitrary commands via sending a crafted request.
Affected Products
Postfix 2.4.x before 2.4.16
2.5.x before 2.5.12
2.6.x before 2.6.9
2.7.x before 2.7.3
Impact
System Compromise
Recommended Actions
Upgrade to the latest version
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |