← Retour aux CVEs
CVE-2009-3766
N/ADescription
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Details CVE
Score CVSS v3.1N/A
Publie10/23/2009
Derniere modification4/23/2026
Sourcenvd
Observations honeypot0
Produits affectes
mutt:muttopenssl:openssl
Faiblesses (CWE)
CWE-310
References
http://dev.mutt.org/trac/ticket/3087(cve@mitre.org)
http://marc.info/?l=oss-security&m=125198917018936&w=2(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2009/10/26/1(cve@mitre.org)
http://dev.mutt.org/trac/ticket/3087(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=oss-security&m=125198917018936&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2009/10/26/1(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.