CVE-2011-3355

Sažetak

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.

Reference

https://access.redhat.com/security/cve/cve-2011-3355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
https://security-tracker.debian.org/tracker/CVE-2011-3355
https://www.openwall.com/lists/oss-security/2011/09/09/1

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

14-12-2019 - 14:28

Objavljeno

25-11-2019 - 23:15