Published: 22/04/2003 Updated: 05/09/2008

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The camel component for Ximian Evolution 1.0.x and previous versions does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote malicious users to monitor or modify sessions via a man-in-the-middle attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ximian evolution 1.0.7
ximian evolution 1.0.3
ximian evolution 1.0.4
ximian evolution 1.0.5
ximian evolution 1.0.6
ximian evolution 1.0.8

Debian Bug report logs - #280883 is woody evolution still vulnerable to SSL Man-In-The-Middle Vulnerability? Package: evolution; Maintainer for evolution is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for evolution is src:evolution (PTS, buildd, popcon) Reported by: Djoume SALVETTI <dj ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html http://www.iss.net/security_center/static/10292.php http://www.securityfocus.com/bid/5875 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=280883 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-1471

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect