| Revision Date: | 2022-06-30 | Version: | 1 |
| Title: | CVE-2014-7274 |
| Description: |
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | CVE-2014-7274
Mitre CVE-2014-7274
SUSE CVE-2014-7274
openSUSE-SU-2014:1315-1
|
| Platform(s): | openSUSE 12.3 Update
openSUSE 13.1
openSUSE Tumbleweed
| Product(s): | |
| Definition Synopsis |
| openSUSE 13.1 is installed AND Package Information
getmail-4.46.0-2.4.1 is installed
OR getmail-doc-4.46.0-2.4.1 is installed
|
| Definition Synopsis |
| openSUSE Tumbleweed is installed
AND Package Information
getmail-4.46.0-1.2 is installed
OR getmail-doc-4.46.0-1.2 is installed
|