CVE-2011-3355
N/A
N/A
Summary
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| evolution-data-server3 | evolution-data-server3 | 3.0.3 through 3.2.1 | affected |
Weaknesses
- IMAP does non-SSL connection when storing to Sent folder
ADP Enrichment
CVE Program Container
Additional References
- https://security-tracker.debian.org/tracker/CVE-2011-3355
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
- https://access.redhat.com/security/cve/cve-2011-3355
- https://www.openwall.com/lists/oss-security/2011/09/09/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
References
- https://security-tracker.debian.org/tracker/CVE-2011-3355
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
- https://access.redhat.com/security/cve/cve-2011-3355
- https://www.openwall.com/lists/oss-security/2011/09/09/1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.