Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-2576HistoryOct 15, 2014 - 2:55 p.m.
CVE-2014-2576
2014-10-1514:55:06
Debian Security Bug Tracker
security-tracker.debian.org
9
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.8%
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | claws-mail | < 3.10.1-1 | claws-mail_3.10.1-1_all.deb |
| Debian | 11 | all | claws-mail | < 3.10.1-1 | claws-mail_3.10.1-1_all.deb |
| Debian | 999 | all | claws-mail | < 3.10.1-1 | claws-mail_3.10.1-1_all.deb |
| Debian | 13 | all | claws-mail | < 3.10.1-1 | claws-mail_3.10.1-1_all.deb |
Related
cvelist
cvelist
CVE-2014-2576
2014-10-15 14:00:00
cve
cve
CVE-2014-2576
2014-10-15 14:55:06
nessus
nessus
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)
2014-10-15 00:00:00
ubuntucve
ubuntucve
CVE-2014-2576
2014-10-15 00:00:00
prion
prion
Code injection
2014-10-15 14:55:00
mageia
mageia
Updated claws-mail package fixes security vulnerability
2014-11-14 14:50:06
nvd
nvd
CVE-2014-2576
2014-10-15 14:55:06
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0449)
2022-01-28 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.8%
Related for DEBIANCVE:CVE-2014-2576