Lucene search
HistoryOct 23, 2009 - 7:30 p.m.
CVE-2009-3766
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
36.2%
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Affected configurations
Node
muttmuttRange1.5.16–1.5.19
opensslopenssl
Related
prion
prion
Design/Logic Flaw
2009-10-23 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
ubuntucve
ubuntucve
CVE-2009-3766
2009-10-23 00:00:00
CVE-2011-1429
2011-03-16 00:00:00
cve
cve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
cvelist
cvelist
CVE-2009-3766
2009-10-23 19:00:00
CVE-2011-1429
2011-03-16 22:00:00
debiancve
debiancve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
nessus
nessus
RHEL 4 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
Mandriva Linux Security Advisory : mutt (MDVSA-2012:048)
2012-04-03 00:00:00
RHEL 5 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
openvas
openvas
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
FreeBSD Ports: mutt-devel
2012-04-30 00:00:00
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
nvd
nvd
CVE-2011-1429
2011-03-16 22:55:04
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.2
Confidence
Low
EPSS
0.001
Percentile
36.2%
Related for NVD:CVE-2009-3766