The host is installed with Kerio Connect 7.1.4 build 2985 or MailServer 6.x and is prone to denial of service vulnerability. A flaw is present in STARTTLS implementation in the application which does not properly restrict I/O buffering. Successful exploitation allow man-in-the-middle attackers to insert commands into encrypted SMTP sessions.