Lucene search
Veracode Vulnerability DatabaseVERACODE:11146HistoryJan 15, 2019 - 8:57 a.m.
Authorization Bypass
2019-01-1508:57:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
EPSS
0.005
Percentile
77.1%
dovecot is vulnerable to authorization bypass attacks. The vulnerability exists as script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
References
dovecot.org/pipermail/dovecot/2011-May/059085.html
openwall.com/lists/oss-security/2011/05/18/4
rhn.redhat.com/errata/RHSA-2013-0520.html
secunia.com/advisories/52311
www.dovecot.org/doc/NEWS-2.0
www.securityfocus.com/bid/48003
access.redhat.com/security/updates/classification/#low
exchange.xforce.ibmcloud.com/vulnerabilities/67675
rhn.redhat.com/errata/RHSA-2013-0520.html
Related
cvelist
cvelist
CVE-2011-2166
2011-05-24 23:00:00
ubuntucve
ubuntucve
CVE-2011-2166
2011-05-24 00:00:00
prion
prion
Design/Logic Flaw
2011-05-24 23:55:00
openvas
openvas
Dovecot 2.0.x < 2.0.13 Authentication Bypass Vulnerability
2020-01-03 00:00:00
CentOS Update for dovecot CESA-2013:0520 centos6
2013-03-12 00:00:00
CentOS Update for dovecot CESA-2013:0520 centos6
2013-03-12 00:00:00
debiancve
debiancve
CVE-2011-2166
2011-05-24 23:55:04
cve
cve
CVE-2011-2166
2011-05-24 23:55:04
nvd
nvd
CVE-2011-2166
2011-05-24 23:55:04
centos
centos
dovecot security update
2013-02-27 19:34:23
oraclelinux
oraclelinux
dovecot security and bug fix update
2013-02-22 00:00:00
nessus
nessus
Scientific Linux Security Update : dovecot on SL6.x i386/x86_64 (20130221)
2013-03-05 00:00:00
RHEL 6 : dovecot (RHSA-2013:0520)
2013-02-21 00:00:00
Oracle Linux 6 : dovecot (ELSA-2013-0520)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2013:0520) Low: dovecot security and bug fix update
2013-02-21 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2011-10-10 00:00:00