ID CVE-2021-32066
Summary An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the IMAP server to block the StartTLS command, aka a "StartTLS stripping attack."
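The failure mode behind this entry is a client that treats "not an OK reply" as "no TLS, carry on" instead of "abort". The following Ruby script is an added illustration written for this page; it is not Net::IMAP's own code and makes no claim about its internal method names. It drives a minimal IMAP STARTTLS exchange against an in-memory peer (the server transcripts, the FakeConn class, the StartTlsStripped error and the lenient/strict client functions are all constructed for the example) so that the lenient behaviour the advisory describes can be compared with the strict behaviour a fixed client needs, plus a defence-in-depth check before credentials are sent.

```ruby
# Added illustration of the CVE-2021-32066 failure mode (not Net::IMAP's code).
# Minimal client side of the IMAP STARTTLS handshake against a scripted peer,
# so the vulnerable and the hardened behaviour can be compared offline.
require "stringio"

# Parsed IMAP tagged response, e.g. "A001 OK Begin TLS negotiation now".
TaggedResponse = Struct.new(:tag, :name, :text)

# Raised (hypothetical error class for this example) when the session would
# otherwise continue in cleartext.
class StartTlsStripped < StandardError; end

# Parse one server line. Untagged ("* ...") and continuation ("+ ...") lines
# return nil so the caller keeps reading until the tagged reply arrives.
def parse_response(line, expected_tag)
  tag, name, text = line.chomp.split(" ", 3)
  return nil if tag == "*" || tag == "+"
  raise ArgumentError, "unexpected tag #{tag.inspect}" unless tag == expected_tag
  TaggedResponse.new(tag, name.to_s.upcase, text.to_s)
end

# Simulated connection: +server_lines+ is what the (possibly MITM-controlled)
# peer sends back after the client writes STARTTLS. +tls+ records whether the
# client upgraded the socket before continuing.
class FakeConn
  attr_reader :sent, :tls
  def initialize(server_lines)
    @in   = StringIO.new(server_lines.join)
    @sent = []
    @tls  = false
  end
  def send_line(s); @sent << s; end
  def gets; @in.gets; end
  def upgrade_to_tls!; @tls = true; end
end

# Reads until the tagged reply; raises on NO/BAD like a typical IMAP client,
# but hands any other tagged name back to the caller unchanged.
def send_command(conn, tag, command)
  conn.send_line("#{tag} #{command}\r\n")
  loop do
    line = conn.gets
    raise EOFError, "connection closed before tagged response" if line.nil?
    resp = parse_response(line, tag)
    next if resp.nil?
    raise "NO response: #{resp.text}"  if resp.name == "NO"
    raise "BAD response: #{resp.text}" if resp.name == "BAD"
    return resp
  end
end

# Vulnerable pattern: only an OK reply starts TLS; any other tagged name falls
# through and the session silently stays in cleartext.
def starttls_lenient(conn, tag = "A001")
  resp = send_command(conn, tag, "STARTTLS")
  conn.upgrade_to_tls! if resp.name == "OK"
  conn
end

# Hardened pattern: anything but a tagged OK aborts the session instead of
# continuing without TLS (our own code, expressing what a fixed client must do).
def starttls_strict(conn, tag = "A001")
  resp = send_command(conn, tag, "STARTTLS")
  unless resp.name == "OK"
    raise StartTlsStripped, "STARTTLS answered #{resp.name}: #{resp.text}"
  end
  conn.upgrade_to_tls!
  conn
end

# Defence in depth for callers: never send credentials unless the upgrade happened.
def login(conn, user, pass)
  raise StartTlsStripped, "refusing to send LOGIN over cleartext" unless conn.tls
  conn.send_line("A002 LOGIN #{user} #{pass}\r\n")
  :logged_in
end

# Constructed server transcripts (sample data, not captured traffic).
HONEST_SERVER  = ["* OK still here\r\n", "A001 OK Begin TLS negotiation now\r\n"]
# On-path attacker that swallows the real STARTTLS and answers with a tagged
# reply whose name is neither OK, NO nor BAD.
STRIPPING_MITM = ["A001 PREAUTH STARTTLS disabled by proxy\r\n"]

def demo
  honest   = starttls_strict(FakeConn.new(HONEST_SERVER)).tls     # true
  lenient  = starttls_lenient(FakeConn.new(STRIPPING_MITM)).tls   # false: cleartext continues
  strict   = begin
               starttls_strict(FakeConn.new(STRIPPING_MITM)); :no_error
             rescue StartTlsStripped
               :aborted
             end
  guard    = begin
               login(starttls_lenient(FakeConn.new(STRIPPING_MITM)), "u", "p")
             rescue StartTlsStripped
               :refused
             end
  { honest_tls: honest, lenient_tls: lenient, strict_result: strict, login_guard: guard }
end

puts demo.inspect if __FILE__ == $0
```

The lenient client never errors on the attacker's reply, so a caller that does not independently verify the upgrade goes on to send LOGIN in the clear; the strict client and the `login` guard each turn the same exchange into a hard failure, which is the observable difference between a vulnerable and a fixed client.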
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:preview3:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ruby-lang:ruby:2.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 24-01-2024 - 05:15)
Impact:
Exploitability:
CWE CWE-755
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
Last major update 24-01-2024 - 05:15
Published 01-08-2021 - 19:15
Last modified 24-01-2024 - 05:15