CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
69.4%
Package : dovecot
Version : 1:2.2.13-12~deb8u5
CVE ID : CVE-2019-3814
It was discovered that there was a vulnerability in the dovecot
IMAP/POP3 server.
A flaw in the TLS username handling could lead to an attacker
logging in as anyone else in the system if both
auth_ssl_{require_client,username_from}_cert were enabled.
For Debian 8 "Jessie", this issue has been fixed in dovecot version
1:2.2.13-12~deb8u5.
We recommend that you upgrade your dovecot packages.
Regards,
,''`.
: :' : Chris Lamb
`. `'` [email protected] 🍥 chris-lamb.co.uk
`-
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | mipsel | dovecot-managesieved | < 1:2.2.27-3+deb9u3 | dovecot-managesieved_1:2.2.27-3+deb9u3_mipsel.deb |
Debian | 9 | mipsel | dovecot-mysql | < 1:2.2.27-3+deb9u3 | dovecot-mysql_1:2.2.27-3+deb9u3_mipsel.deb |
Debian | 9 | ppc64el | dovecot-gssapi | < 1:2.2.27-3+deb9u3 | dovecot-gssapi_1:2.2.27-3+deb9u3_ppc64el.deb |
Debian | 9 | ppc64el | dovecot-lucene | < 1:2.2.27-3+deb9u3 | dovecot-lucene_1:2.2.27-3+deb9u3_ppc64el.deb |
Debian | 9 | armhf | dovecot-gssapi | < 1:2.2.27-3+deb9u3 | dovecot-gssapi_1:2.2.27-3+deb9u3_armhf.deb |
Debian | 9 | amd64 | dovecot-pop3d | < 1:2.2.27-3+deb9u3 | dovecot-pop3d_1:2.2.27-3+deb9u3_amd64.deb |
Debian | 8 | amd64 | dovecot-mysql | < 1:2.2.13-12~deb8u5 | dovecot-mysql_1:2.2.13-12~deb8u5_amd64.deb |
Debian | 9 | mips | dovecot-solr | < 1:2.2.27-3+deb9u3 | dovecot-solr_1:2.2.27-3+deb9u3_mips.deb |
Debian | 9 | armel | dovecot-dbg | < 1:2.2.27-3+deb9u3 | dovecot-dbg_1:2.2.27-3+deb9u3_armel.deb |
Debian | 8 | armel | dovecot-core | < 1:2.2.13-12~deb8u5 | dovecot-core_1:2.2.13-12~deb8u5_armel.deb |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
AI Score
Confidence
Low
EPSS
Percentile
69.4%