← Zuruck zu CVEs
CVE-2009-3766
N/ABeschreibung
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht10/23/2009
Zuletzt geandert4/23/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
mutt:muttopenssl:openssl
Schwachen (CWE)
CWE-310
Referenzen
http://dev.mutt.org/trac/ticket/3087(cve@mitre.org)
http://marc.info/?l=oss-security&m=125198917018936&w=2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2009/10/26/1(cve@mitre.org)
http://dev.mutt.org/trac/ticket/3087(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125198917018936&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/10/26/1(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.