Lucene search

Ubuntu.comUB:CVE-2005-3402

HistoryNov 01, 2005 - 12:00 a.m.

CVE-2005-3402

2005-11-0100:00:00

ubuntu.com

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

48.4%

JSON

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly
other versions, does not notify users when it cannot establish a secure
channel with the server, which allows remote attackers to obtain
authentication information without detection via a man-in-the-middle (MITM)
attack that bypasses TLS authentication or downgrades CRAM-MD5
authentication to plain authentication.

References

launchpad.net/bugs/cve/CVE-2005-3402

nvd.nist.gov/vuln/detail/CVE-2005-3402

security-tracker.debian.org/tracker/CVE-2005-3402

www.cve.org/CVERecord?id=CVE-2005-3402

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS

0.001

Percentile

48.4%

JSON

Related for UB:CVE-2005-3402