Vulnerability Description
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Evolution-Data-Server3 | >= 3.0.3, <= 3.2.1 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2011-3355Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355Issue TrackingThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-3355Third Party Advisory
- https://www.openwall.com/lists/oss-security/2011/09/09/1ExploitMailing List
- https://access.redhat.com/security/cve/cve-2011-3355Third Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355Issue TrackingThird Party Advisory
- https://security-tracker.debian.org/tracker/CVE-2011-3355Third Party Advisory
- https://www.openwall.com/lists/oss-security/2011/09/09/1ExploitMailing List
FAQ
What is CVE-2011-3355?
CVE-2011-3355 is a vulnerability with a CVSS score of 7.3 (HIGH). evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. ...
How severe is CVE-2011-3355?
CVE-2011-3355 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3355?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evolution-Data-Server3, Linux Linux Kernel.