Synology-SA-18:43 MailPlus Server

Publish Time: 2018-08-14 14:25:06 UTC+8

Last Updated: 2019-04-01 11:13:27 UTC+8

Severity: Important

Status: Resolved

Abstract

A vulnerability allows remote attackers to conduct denial-of-service attacks via a susceptible version of MailPlus Server.

Affected Products

Product | Severity | Fixed Release Availability
MailPlus Server | Important | Upgrade to 2.0.5-0606 or above.

Mitigation

None

Detail

  • CVE-2018-13296
    • Severity: Important
    • CVSS3 Base Score: 7.5
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    • Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation.

Revision

Revision | Date | Description
1 | 2018-08-14 | Initial public release.
2 | 2019-04-01 | Disclosed vulnerability details.