Oval Definition:oval:org.opensuse.security:def:20114318
Revision Date:2015-11-16Version:1
Title:CVE-2011-4318
Description:
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2011-4318
Platform(s):openSUSE 11.4
openSUSE 12.1
openSUSE 12.1 Update
Product(s):
Definition Synopsis
  • suse114 is installed
  • AND Package Information
  • dovecot20-backend-mysql less than 2.0.16-0.2.1
  • OR dovecot20-backend-pgsql less than 2.0.16-0.2.1
  • OR dovecot20-backend-sqlite less than 2.0.16-0.2.1
  • OR dovecot20-devel less than 2.0.16-0.2.1
  • OR dovecot20-fts-solr less than 2.0.16-0.2.1
  • OR dovecot20 less than 2.0.16-0.2.1
  • BACK