CVSS2: AV:N/AC:M/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS Percentile: 36.2%

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is
used, does not verify the domain name in the subject’s Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers to
spoof SSL servers via an arbitrary valid certificate.
Author | Note |
---|---|
jdstrand | per Debian, our mutt is linked against gnutls, bug #553433 |