Vulnerability CVE-2011-3355

Vulnerability Name:

CVE-2011-3355 (CCN-69829)

Assigned:

2011-09-09

Published:

2011-09-09

Updated:

2019-12-14

Summary:

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.

CVSS v3 Severity:

7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-311

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2011-3355

Source: CCN
Type: GNOME Web site
Evolution

Source: CCN
Type: SA45941
Evolution evolution-data-server Settings Import Weakness

Source: CCN
Type: OSVDB ID: 75459
Evolution evolution-data-server Settings Import MitM Weakness Credentials Disclosure

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/cve-2011-3355

Source: MISC
Type: Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052

Source: CCN
Type: Red Hat Bugzilla Bug 697904
Evolution doesn't used secured IMAP connection after sending a message

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355

Source: XF
Type: UNKNOWN
evolution-evolutiondataserver-info-disc(69829)

Source: MISC
Type: Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3355

Source: MISC
Type: Exploit, Mailing List
https://www.openwall.com/lists/oss-security/2011/09/09/1

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:evolution-data-server3:*:*:*:*:*:*:*:* (Version >= 3.0.3 and <= 3.2.1)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:evolution:3.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK