Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
CVE Kennung: | CVE-2011-4318 |
Beschreibung: | Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. |
Test Kennungen: | 1.3.6.1.4.1.25623.1.0.71027 1.3.6.1.4.1.25623.1.0.840950 1.3.6.1.4.1.25623.1.0.114170 |
Querverweise: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4318 https://bugs.gentoo.org/show_bug.cgi?id=390887 https://bugzilla.redhat.com/show_bug.cgi?id=754980 http://www.dovecot.org/list/dovecot-news/2011-November/000200.html http://www.openwall.com/lists/oss-security/2011/11/18/5 http://www.openwall.com/lists/oss-security/2011/11/18/7 RedHat Security Advisories: RHSA-2013:0520 http://rhn.redhat.com/errata/RHSA-2013-0520.html http://secunia.com/advisories/46886 http://secunia.com/advisories/52311 |