CVE-2011-4318

Published: 07/03/2013 Updated: 07/03/2013
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Dovecot 2.0.x prior to 2.0.16, when ssl or starttls is enabled and a hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

Vulnerable Product

dovecot dovecot 2.0.3

dovecot dovecot 2.0.4

dovecot dovecot 2.0.5

dovecot dovecot 2.0.6

dovecot dovecot 2.0.7

dovecot dovecot 2.0.1

dovecot dovecot 2.0.8

dovecot dovecot 2.0.10

dovecot dovecot 2.0.0

dovecot dovecot 2.0.2

dovecot dovecot 2.0.9

dovecot dovecot 2.0.11

dovecot dovecot 2.0.12

dovecot dovecot 2.0.13

dovecot dovecot 2.0.14

dovecot dovecot 2.0.15

Vendor Advisories

Synopsis: Low: dovecot security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated dovecot packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulne ...
Debian Bug report logs - #649511: CVE-2011-4318. Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packages.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Mon, 21 Nov 2011 18:27:02 UTC; Severity: important; Tags: security; Fixed in version 1:2018-1; Done: Yves-Alexis ...
Dovecot could be made to expose sensitive information over the network ...