Response Injection Vulnerability in Exim Mail Transfer Agent
CVE-2021-38371

7.5HIGH

Key Information:

Vendor

Exim

Status
Exim
Vendor
CVE Published:
10 August 2021

What is CVE-2021-38371?

The STARTTLS functionality in Exim versions prior to 4.94.3 is susceptible to a response injection flaw, allowing attackers to exploit the mail transfer agent (MTA) during SMTP operations. This vulnerability arises when the server's response can be manipulated, potentially leading to unauthorized information disclosure or malicious redirection. It is critical for users of Exim to apply the latest updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://nostarttls.secvuln.info
x_refsource_MISC
https://www.exim.org
x_refsource_MISC
https://www.exim.org/static/doc/security/CVE-2021-38371.txt
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.