Back to search
CVE-2014-2576
Published: Oct 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
60422
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2014:1291
vendor-advisory
x_refsource_SUSE
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
x_refsource_CONFIRM
[oss-security] 20140322 Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext
mailing-list
x_refsource_MLIST
[claws-mail] 20140526 Claws Mail 3.10.0 Unleashed!!!
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now