CVE-2014-2576

Published: 15/10/2014 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

plugins/rssyl/feed.c in Claws Mail prior to 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof servers and conduct man-in-the-middle (MITM) attacks.

Vulnerable Product

claws-mail claws-mail

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #742695
claws-mail: CVE-2014-2576
Package: claws-mail
Maintainer for claws-mail is Ricardo Mones <mones@debian.org>
Source for claws-mail is src:claws-mail
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 26 Mar 2014 13:33:02 UTC
Severity: important
Tags: c ...