Lucene search
MitreCVE-2009-3766HistoryOct 23, 2009 - 7:30 p.m.
CVE-2009-3766
2009-10-2319:30:00
CWE-310
mitre
web.nvd.nist.gov
53
mutt
ssl
mutt 1.5.16
x.509
certificate
cve-2009-3766
openssl
security vulnerability
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
36.2%
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected configurations
Node
muttmuttRange1.5.16–1.5.19
opensslopenssl
Related
prion
prion
Design/Logic Flaw
2009-10-23 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
ubuntucve
ubuntucve
CVE-2009-3766
2009-10-23 00:00:00
CVE-2011-1429
2011-03-16 00:00:00
nvd
nvd
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
cvelist
cvelist
CVE-2009-3766
2009-10-23 19:00:00
CVE-2011-1429
2011-03-16 22:00:00
nessus
nessus
RHEL 4 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
Mandriva Linux Security Advisory : mutt (MDVSA-2012:048)
2012-04-03 00:00:00
RHEL 5 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
debiancve
debiancve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
openvas
openvas
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
FreeBSD Ports: mutt-devel
2012-04-30 00:00:00
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
cve
cve
CVE-2011-1429
2011-03-16 22:55:04
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.001
Percentile
36.2%
Related for CVE-2009-3766