Vulnerability Details : CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Threat overview for CVE-2021-32066
Top countries where our scanners detected CVE-2021-32066
Top open port discovered on systems with this issue
80
IPs affected by CVE-2021-32066 4,196
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2021-32066!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2021-32066
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 62 %
Percentile, the proportion of vulnerabilities that are scored at or less