Lucene search
HistoryOct 15, 2014 - 2:55 p.m.
CVE-2014-2576
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
56.8%
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
Affected configurations
Node
claws-mailclaws-mailRange≤3.9.3
Node
opensuseopensuseMatch12.3
ORopensuseopensuseMatch13.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| claws-mail | claws-mail | * | cpe:2.3:a:claws-mail:claws-mail:*:*:*:*:*:*:*:* |
| opensuse | opensuse | 12.3 | cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2014-10-15 14:55:00
debiancve
debiancve
CVE-2014-2576
2014-10-15 14:55:06
mageia
mageia
Updated claws-mail package fixes security vulnerability
2014-11-14 14:50:06
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0449)
2022-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2014-2576
2014-10-15 00:00:00
cve
cve
CVE-2014-2576
2014-10-15 14:55:06
nessus
nessus
openSUSE Security Update : claws-mail (openSUSE-SU-2014:1291-1)
2014-10-15 00:00:00
cvelist
cvelist
CVE-2014-2576
2014-10-15 14:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
56.8%
Related for NVD:CVE-2014-2576