PT-2014-1690 · Nginx+1 · Nginx+1

Published: 2014-08-05 · Updated: 2024-06-15 · CVE-2014-3556

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

nginx versions 1.5.x through 1.6.0
nginx versions 1.7.x through 1.7.3

Description

The issue allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. This enables attackers to gain access to confidential information sent by the client.

Recommendations

For nginx versions 1.5.x through 1.6.0, update to version 1.6.1 or later. For nginx versions 1.7.x through 1.7.3, update to version 1.7.4 or later.
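
A version check against the affected ranges listed above, added here as an example (it is not part of the original advisory or of nginx). The function names and the sample banners are constructed for illustration; the ranges and fixed versions are the ones this entry states.

```python
import re

# Affected ranges and fixed releases as stated in this advisory (inclusive).
# Assumption: "1.5.x" and "1.7.x" are taken to start at 1.5.0 and 1.7.0.
AFFECTED_RANGES = [
    ((1, 5, 0), (1, 6, 0), "1.6.1"),
    ((1, 7, 0), (1, 7, 3), "1.7.4"),
]

# Matches the "nginx/X.Y.Z" token printed by `nginx -v` and sent in the
# default Server header; trailing text such as "(Ubuntu)" is ignored.
_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_nginx_version(banner):
    """Extract (major, minor, patch) from a banner, or raise ValueError."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no nginx/X.Y.Z version found in %r" % banner)
    return tuple(int(part) for part in match.groups())


def check_cve_2014_3556(banner):
    """Return (affected, fixed_in) for the version found in `banner`."""
    version = parse_nginx_version(banner)
    for low, high, fixed_in in AFFECTED_RANGES:
        if low <= version <= high:
            return True, fixed_in
    return False, None


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    samples = [
        "nginx version: nginx/1.6.0",
        "nginx version: nginx/1.6.1",
        "Server: nginx/1.7.2",
        "nginx version: nginx/1.4.7 (Ubuntu)",
    ]
    for banner in samples:
        affected, fixed_in = check_cve_2014_3556(banner)
        if affected:
            print("%-40s AFFECTED, update to %s or later" % (banner, fixed_in))
        else:
            print("%-40s not in an affected range" % banner)
```

The check compares upstream version numbers only. A distribution package can carry a backported fix under an older version string, so confirm the result against the vendor advisory for the package in use.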

Fix

Command Injection

Weakness Enumeration

Related identifiers

ALT-PU-2014-1989
BDU:2015-00638
CVE-2014-3556
OPENSUSE-SU-2024:10044-1

Affected products

Alt Linux
Nginx