Vulnerability Description
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ximian | Evolution | 1.0.3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/10292.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5875Vendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.htmlExploitPatchVendor Advisory
- http://www.iss.net/security_center/static/10292.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5875Vendor Advisory
FAQ
What is CVE-2002-1471?
CVE-2002-1471 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote atta...
How severe is CVE-2002-1471?
CVE-2002-1471 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1471?
Check the references section above for vendor advisories and patch information. Affected products include: Ximian Evolution.