- Description
- Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
- Red Hat
- Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Only mutt version 1.5.19 was affected by this flaw.
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mutt:mutt:1.5.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89C33B31-B9BC-4E43-8221-219380B4B682"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DDA1CA86-1405-4C25-9BC2-5A5E6A76B911"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2745A1E0-C586-4686-A5AC-C82ABE726D5C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]