Lucene search

PRIOn knowledge basePRION:CVE-2009-3766

HistoryOct 23, 2009 - 7:30 p.m.

Design/Logic Flaw

2009-10-2319:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.5%

JSON

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CPENameOperatorVersion
muttge1.5.16
muttlt1.5.19

CPE	Name	Operator	Version
	mutt	ge	1.5.16
	mutt	lt	1.5.19

References

dev.mutt.org/trac/ticket/3087

www.openwall.com/lists/oss-security/2009/10/26/1

marc.info/?l=oss-security&m=125198917018936&w=2

6.5 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.5%

JSON

Related for PRION:CVE-2009-3766