Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2011-1947
HistoryJun 02, 2011 - 7:55 p.m.

CVE-2011-1947

2011-06-0219:55:03
CWE-399
redhat
web.nvd.nist.gov
34
cve-2011-1947
fetchmail
denial of service
starttls
stls
application hang
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

Affected configurations

Nvd
Node
fetchmailfetchmailMatch5.9.9
OR
fetchmailfetchmailMatch5.9.10
OR
fetchmailfetchmailMatch5.9.11
OR
fetchmailfetchmailMatch5.9.13
OR
fetchmailfetchmailMatch6.0.0
OR
fetchmailfetchmailMatch6.1.0
OR
fetchmailfetchmailMatch6.1.3
OR
fetchmailfetchmailMatch6.2.0
OR
fetchmailfetchmailMatch6.2.1
OR
fetchmailfetchmailMatch6.2.2
OR
fetchmailfetchmailMatch6.2.3
OR
fetchmailfetchmailMatch6.2.4
OR
fetchmailfetchmailMatch6.2.5
OR
fetchmailfetchmailMatch6.2.5.1
OR
fetchmailfetchmailMatch6.2.5.2
OR
fetchmailfetchmailMatch6.2.5.4
OR
fetchmailfetchmailMatch6.2.6pre4
OR
fetchmailfetchmailMatch6.2.6pre8
OR
fetchmailfetchmailMatch6.2.6pre9
OR
fetchmailfetchmailMatch6.2.9rc10
OR
fetchmailfetchmailMatch6.2.9rc3
OR
fetchmailfetchmailMatch6.2.9rc4
OR
fetchmailfetchmailMatch6.2.9rc5
OR
fetchmailfetchmailMatch6.2.9rc7
OR
fetchmailfetchmailMatch6.2.9rc8
OR
fetchmailfetchmailMatch6.2.9rc9
OR
fetchmailfetchmailMatch6.3.0
OR
fetchmailfetchmailMatch6.3.1
OR
fetchmailfetchmailMatch6.3.2
OR
fetchmailfetchmailMatch6.3.3
OR
fetchmailfetchmailMatch6.3.4
OR
fetchmailfetchmailMatch6.3.5
OR
fetchmailfetchmailMatch6.3.6
OR
fetchmailfetchmailMatch6.3.6rc1
OR
fetchmailfetchmailMatch6.3.6rc2
OR
fetchmailfetchmailMatch6.3.6rc3
OR
fetchmailfetchmailMatch6.3.6rc4
OR
fetchmailfetchmailMatch6.3.6rc5
OR
fetchmailfetchmailMatch6.3.7
OR
fetchmailfetchmailMatch6.3.8
OR
fetchmailfetchmailMatch6.3.9
OR
fetchmailfetchmailMatch6.3.9rc2
OR
fetchmailfetchmailMatch6.3.10
OR
fetchmailfetchmailMatch6.3.11
OR
fetchmailfetchmailMatch6.3.12
OR
fetchmailfetchmailMatch6.3.13
OR
fetchmailfetchmailMatch6.3.14
OR
fetchmailfetchmailMatch6.3.15
OR
fetchmailfetchmailMatch6.3.16
OR
fetchmailfetchmailMatch6.3.17
OR
fetchmailfetchmailMatch6.3.18
OR
fetchmailfetchmailMatch6.3.19
VendorProductVersionCPE
fetchmailfetchmail5.9.9cpe:2.3:a:fetchmail:fetchmail:5.9.9:*:*:*:*:*:*:*
fetchmailfetchmail5.9.10cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*
fetchmailfetchmail5.9.11cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*
fetchmailfetchmail5.9.13cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*
fetchmailfetchmail6.0.0cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*
fetchmailfetchmail6.1.0cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*
fetchmailfetchmail6.1.3cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*
fetchmailfetchmail6.2.0cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*
fetchmailfetchmail6.2.1cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*
fetchmailfetchmail6.2.2cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 521

Related

openvas 12
nessus 9
prion 1
slackware 1
altlinux 3
fedora 3
cvelist 1
securityvulns 2
debiancve 1
nvd 1
ubuntucve 1
freebsd 1
osv 1
openvas
openvas
Fedora Update for fetchmail FEDORA-2011-8059
2011-06-24 00:00:00
Fedora Update for fetchmail FEDORA-2011-8011
2011-07-12 00:00:00
Fedora Update for fetchmail FEDORA-2011-8011
2011-07-12 00:00:00
nessus
nessus
Fedora 15 : fetchmail-6.3.20-1.fc15 (2011-8011)
2011-06-22 00:00:00
Fedora 13 : fetchmail-6.3.20-1.fc13 (2011-8059)
2011-06-22 00:00:00
FreeBSD : fetchmail -- STARTTLS denial of service (f7d838f2-9039-11e0-a051-080027ef73ec)
2011-06-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2011-06-02 19:55:00
slackware
slackware
[slackware-security] fetchmail
2011-06-20 21:18:49
altlinux
altlinux
Security fix for the ALT Linux 5 package fetchmail version 6.3.21-alt1.0.M50P.1
2011-12-01 00:00:00
Security fix for the ALT Linux 6 package fetchmail version 6.3.20-alt1
2011-06-07 00:00:00
Security fix for the ALT Linux 5 package fetchmail version 6.3.20-alt1
2011-06-07 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: fetchmail-6.3.20-1.fc14
2011-06-21 17:37:34
[SECURITY] Fedora 13 Update: fetchmail-6.3.20-1.fc13
2011-06-21 17:15:34
[SECURITY] Fedora 15 Update: fetchmail-6.3.20-1.fc15
2011-06-21 17:24:01
cvelist
cvelist
CVE-2011-1947
2011-06-02 19:00:00
securityvulns
securityvulns
fetchmail security announcement fetchmail-SA-2011-01 (CVE-2011-1947)
2011-06-07 00:00:00
fetchmail DoS
2011-06-07 00:00:00
debiancve
debiancve
CVE-2011-1947
2011-06-02 19:55:03
nvd
nvd
CVE-2011-1947
2011-06-02 19:55:03
ubuntucve
ubuntucve
CVE-2011-1947
2011-06-02 00:00:00
freebsd
freebsd
fetchmail -- STARTTLS denial of service
2011-04-28 00:00:00
osv
osv
fetchmail-6.3.26-13.4 on GA media
2024-06-15 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.014

Percentile

86.5%

JSON
Related for CVE-2011-1947
openvas12nessus9prion1slackware1altlinux3fedora3cvelist1securityvulns2debiancve1nvd1ubuntucve1freebsd1osv1