Test Kennung:	1.3.6.1.4.1.25623.1.0.114170
Kategorie:	General
Titel:	Dovecot 2.0.x < 2.0.16 Man In The Middle Vulnerability
Zusammenfassung:	Dovecot is prone to a man-in-the-middle vulnerability.
Beschreibung:	Summary: Dovecot is prone to a man-in-the-middle vulnerability. Vulnerability Insight: When SSL or StartTLS is enabled and a hostname is used to define the proxy destination, Dovecot does not verify that the server hostname matches a domain name in the subject's Common Name(CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. Affected Software/OS: Dovecot versions 2.0.x before 2.0.16. Solution: Update to version 2.0.16 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4318 https://bugs.gentoo.org/show_bug.cgi?id=390887 https://bugzilla.redhat.com/show_bug.cgi?id=754980 http://www.dovecot.org/list/dovecot-news/2011-November/000200.html http://www.openwall.com/lists/oss-security/2011/11/18/5 http://www.openwall.com/lists/oss-security/2011/11/18/7 RedHat Security Advisories: RHSA-2013:0520 http://rhn.redhat.com/errata/RHSA-2013-0520.html http://secunia.com/advisories/46886 http://secunia.com/advisories/52311
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.