Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-3766HistoryOct 23, 2009 - 7:30 p.m.
CVE-2009-3766
2009-10-2319:30:00
Debian Security Bug Tracker
security-tracker.debian.org
6
0.001 Low
EPSS
Percentile
35.9%
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | mutt | < 2.2.12-0.1~deb12u1 | mutt_2.2.12-0.1~deb12u1_all.deb |
| Debian | 11 | all | mutt | < 2.0.5-4.1+deb11u3 | mutt_2.0.5-4.1+deb11u3_all.deb |
| Debian | 10 | all | mutt | < 1.10.1-2.1+deb10u6 | mutt_1.10.1-2.1+deb10u6_all.deb |
| Debian | 999 | all | mutt | < 2.2.12-0.1 | mutt_2.2.12-0.1_all.deb |
| Debian | 13 | all | mutt | < 2.2.12-0.1 | mutt_2.2.12-0.1_all.deb |
Related
prion
prion
Design/Logic Flaw
2009-10-23 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
cve
cve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:00
ubuntucve
ubuntucve
CVE-2009-3766
2009-10-23 00:00:00
CVE-2011-1429
2011-03-16 00:00:00
cvelist
cvelist
CVE-2009-3766
2009-10-23 19:00:00
CVE-2011-1429
2011-03-16 22:00:00
openvas
openvas
FreeBSD Ports: mutt-devel
2012-04-30 00:00:00
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : mutt (MDVSA-2012:048)
2012-04-03 00:00:00
debiancve
debiancve
CVE-2011-1429
2011-03-16 22:55:00