Lucene search
HistoryOct 15, 2014 - 2:55 p.m.
CVE-2014-2576
cve-2014-2576
claws mail
security vulnerability
curlopt_ssl_verifyhost
mitm
nvd
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.6%
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| claws-mail:claws-mail | claws-mail | le | 3.9.3 |
| opensuse:opensuse | opensuse | eq | 12.3 |
| opensuse:opensuse | opensuse | eq | 13.1 |
Related
prion
prion
Code injection
2014-10-15 14:55:00
debiancve
debiancve
CVE-2014-2576
2014-10-15 14:55:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0449)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2014-2576
2014-10-15 14:00:00
nessus
nessus
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)
2014-10-15 00:00:00
ubuntucve
ubuntucve
CVE-2014-2576
2014-10-15 00:00:00
mageia
mageia
Updated claws-mail package fixes security vulnerability
2014-11-14 14:50:06
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.6%
Related for CVE-2014-2576