CVE-2011-4318 in Dovecotinfo

Summary

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject s Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

11/04/2011

Disclosure

03/06/2013

Moderation

VulDB entry created

Entries

VDB-63692 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

6.5

EPSS

0.00380

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4318
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4318
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4318/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!