CVE-2021-32066

Risk Scores

Affected Products

Exploit Intelligence

• imap: StartTLS stripping attack (CVE-2016-0772). (hackerone)
• imap: StartTLS stripping attack (CVE-2016-0772). (hackerone)
• imap: StartTLS stripping attack (CVE-2016-0772). (hackerone)
• [debian-lts-announce] 20211013 [SECURITY] [DLA 2780-1] ruby2.3 security update (circl)
• https://www.oracle.com/security-alerts/cpuapr2022.html (circl)
• https://security.netapp.com/advisory/ntap-20210902-0004/ (circl)
• https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ (circl)
• https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (circl)
• [debian-lts-announce] 20230430 [SECURITY] [DLA 3408-1] jruby security update (circl)
• GLSA-202401-27 (circl)

…and 1 more exploits

Timeline

• CVE Published
• Jul 8, 2021 PoC Published
• Aug 2, 2021 EPSS Score
• Sep 30, 2021 EPSS Score
• Nov 28, 2021 EPSS Score
• Jan 6, 2022 EPSS Score
• Feb 4, 2022 EPSS Score
• Mar 26, 2022 EPSS Score
• Apr 1, 2022 EPSS Score
• May 24, 2022 EPSS Score
• Jul 23, 2022 EPSS Score
• Sep 20, 2022 EPSS Score

References

• ALAS2-2024-2570: ruby (medium) advisory
• ALAS2RUBY3.0-2023-005: ruby (medium) advisory
• ALAS2RUBY2.6-2023-004: ruby (medium) advisory