Back to search
CVE-2014-7274
Published: Oct 8, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2014:1315
vendor-advisory
x_refsource_SUSE
[oss-security] 20141007 Re: CVE Request(s): Getmail 4
mailing-list
x_refsource_MLIST
DSA-3091
vendor-advisory
x_refsource_DEBIAN
61229
third-party-advisory
x_refsource_SECUNIA
http://pyropus.ca/software/getmail/CHANGELOG
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now