AService Log Error - Possible STARTTLS Pipeline Attack From <ip address>

(Doc ID 2381622.1)

Last updated on APRIL 04, 2018

Applies to:

Oracle Communications Messaging Server - Version 8.0.2 and later
Information in this document applies to any platform.


Using:  Oracle Communications Messaging Server

Seeing the following error on the MMP:

1.  Are these indicators of an attempted attack to exploit CVE-2011-0411?

2.  If so, did Messaging Server block this "attack" by not honoring plaintext commands pipelined after STARTTLS (hence the log messages), or not?



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms