Vulnerability Description
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Trojita Project | Trojita | <= 0.4 |
Related Weaknesses (CWE)
References
- http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.ht (Vendor Advisory)
- https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce
FAQ
What is CVE-2014-2567?
CVE-2014-2567 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into...
How severe is CVE-2014-2567?
CVE-2014-2567 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2567?
Check the references section above for vendor advisories and patch information. Affected products include: Trojita Project Trojita.