Lucene search

K

[email protected]CVE-2011-1429

HistoryMar 16, 2011 - 10:55 p.m.

CVE-2011-1429

2011-03-1622:55:00

CWE-20

[email protected]

web.nvd.nist.gov

117

mutt

smtps

ssl

security

vulnerability

cve-2011-1429

6 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.9%

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

CPENameOperatorVersion
mutt:muttmutteq*

References

lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html

seclists.org/fulldisclosure/2011/Mar/87

secunia.com/advisories/44937

securityreason.com/securityalert/8143

www.redhat.com/support/errata/RHSA-2011-0959.html

www.securityfocus.com/bid/46803

exchange.xforce.ibmcloud.com/vulnerabilities/66015

6 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.9%

Related for CVE-2011-1429

openvas15 nessus9 ubuntucve2 prion2 debiancve2 redhat1 securityvulns2 fedora3 oraclelinux1 freebsd1 cbl_mariner1 ubuntu1 cve1