Published: 15/10/2014 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

plugins/rssyl/feed.c in Claws Mail prior to 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof servers and conduct man-in-the-middle (MITM) attacks.

Vulnerable Product

claws-mail claws-mail

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian Bug report logs - #742695
claws-mail: CVE-2014-2576
Package: claws-mail
Maintainer for claws-mail is Ricardo Mones <mones@debian.org>
Source for claws-mail is src:claws-mail
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 26 Mar 2014 13:33:02 UTC
Severity: important
Tags: c ...