Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2015-3420

Published: 19/09/2017 Updated: 05/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Dovecot

Vulnerability Summary

The ssl-proxy-openssl.c function in Dovecot prior to 2.2.17, when SSLv3 is disabled, allow remote malicious users to cause a denial of service (login process crash) via vectors related to handshake failures.

Vulnerable Product Search on Vulmon Subscribe to Product

dovecot dovecot

fedoraproject fedora 21

fedoraproject fedora 20

fedoraproject fedora 22

Vendor Advisories

Debian CVElist Bug Report Logs: dovecot: CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process
Debian Bug report logs - #783649 dovecot: CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process Package: src:dovecot; Maintainer for src:dovecot is Dovecot Maintainers <dovecot@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 28 Apr 2015 18:15:01 UTC S ...
Red Hat: CVE-2015-3420
The ssl-proxy-opensslc function in Dovecot before 2217, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures ...

References

CWE-295https://dovecot.org/pipermail/dovecot-news/2015-May/000292.htmlhttps://dovecot.org/pipermail/dovecot/2015-April/100618.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1216057http://www.securityfocus.com/bid/74335http://www.openwall.com/lists/oss-security/2015/04/28/4http://www.openwall.com/lists/oss-security/2015/04/27/1http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783649https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook