QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4318

Published: Mar 7, 2013

Modified: Aug 7, 2024

PUBLISHED

Description

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

https://bugs.gentoo.org/show_bug.cgi?id=390887

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=754980

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://hg.dovecot.org/dovecot-2.0/rev/5e9eaf63a6b1

x_refsource_CONFIRM

[dovecot-news] 20111117 v2.0.16 released

mailing-list

x_refsource_MLIST

[oss-security] 20111118 Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying

mailing-list

x_refsource_MLIST

[oss-security] 20111118 Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.