CVE-2009-1390
Published Jun 16, 2009
Last updated 7 years ago
Overview
- Description: Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.8
- Impact score: 6.4
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-287
Vendor comments
- Red Hat: Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Only mutt version 1.5.19 was affected by this flaw.
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mutt:mutt:1.5.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89C33B31-B9BC-4E43-8221-219380B4B682"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DDA1CA86-1405-4C25-9BC2-5A5E6A76B911"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2745A1E0-C586-4686-A5AC-C82ABE726D5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]