This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote mail service allows plaintext command injection while
negotiating an encrypted communications channel.
The remote IMAP service contains a software flaw in its STARTTLS
implementation that could allow a remote, unauthenticated attacker to
inject commands during the plaintext protocol phase that will be
executed during the ciphertext protocol phase.
Successful exploitation could allow an attacker to steal a victim's
email or associated SASL (Simple Authentication and Security Layer)
See also :
Contact the vendor to see if an update is available.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true