CVE-2011-1429 in Muttinfo

Summary

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Once again VulDB remains the best source for vulnerability data.

Reservation

03/16/2011

Disclosure

03/16/2011

Moderation

VulDB entry created

Entries

VDB-56852 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.5

EPSS

0.00245

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1429
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1429/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!