[email protected]NVD:CVE-2011-3372

HistoryDec 24, 2011 - 7:55 p.m.

CVE-2011-3372

2011-12-2419:55:01

CWE-287

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

Affected configurations

NVD

Node

cyrusimapdRange≤2.4.11

References

cyrusimap.org/mediawiki/index.php/Latest_Updates

git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594

secunia.com/advisories/46093

secunia.com/secunia_research/2011-68

securitytracker.com/id?1026363

www.debian.org/security/2011/dsa-2318

www.mandriva.com/security/advisories?name=MDVSA-2011:149

www.redhat.com/support/errata/RHSA-2011-1508.html

bugzilla.redhat.com/show_bug.cgi?id=740822

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

Related for NVD:CVE-2011-3372

nessus13 altlinux4 cve1 prion1 veracode1 ubuntucve1 cvelist1 redhat1 openvas16 oraclelinux1 amazon1 centos1 debian1 securityvulns2 osv1