Lucene search
Ubuntu.comUB:CVE-2009-3766HistoryOct 23, 2009 - 12:00 a.m.
CVE-2009-3766
2009-10-2300:00:00
ubuntu.com
ubuntu.com
10
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.001
Percentile
36.2%
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is
used, does not verify the domain name in the subject’s Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers to
spoof SSL servers via an arbitrary valid certificate.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian, our mutt is linked against gnutls, bug #553433 |
Related
prion
prion
Design/Logic Flaw
2009-10-23 19:30:00
Design/Logic Flaw
2011-03-16 22:55:00
cve
cve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
nvd
nvd
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
cvelist
cvelist
CVE-2009-3766
2009-10-23 19:00:00
CVE-2011-1429
2011-03-16 22:00:00
debiancve
debiancve
CVE-2009-3766
2009-10-23 19:30:00
CVE-2011-1429
2011-03-16 22:55:04
nessus
nessus
RHEL 4 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
Mandriva Linux Security Advisory : mutt (MDVSA-2012:048)
2012-04-03 00:00:00
RHEL 5 : mutt (Unpatched Vulnerability)
2024-06-03 00:00:00
openvas
openvas
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
FreeBSD Ports: mutt-devel
2012-04-30 00:00:00
Mandriva Update for mutt MDVSA-2012:048 (mutt)
2012-08-03 00:00:00
ubuntucve
ubuntucve
CVE-2011-1429
2011-03-16 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.001
Percentile
36.2%
Related for UB:CVE-2009-3766