CVE-2011-3355
Summary
| CVE | CVE-2011-3355 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-25 23:15:00 UTC |
| Updated | 2019-12-14 14:28:00 UTC |
| Description | evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim. |
Risk And Classification
Problem Types: CWE-311
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnome | Evolution-data-server3 | All | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 707848 – (CVE-2011-3355) CVE-2011-3355 evolution: IMAP does non-SSL connection when storing to Sent folder | MISC | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| oss-security - CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder | MISC | www.openwall.com | Exploit, Mailing List |
| CVE-2011-3355 - Red Hat Customer Portal | MISC | access.redhat.com | Third Party Advisory |
| #641052 - evolution uses insecure connection when storing the sent message to the sent folder - Debian Bug report logs | MISC | bugs.debian.org | Third Party Advisory |
| CVE-2011-3355 | MISC | security-tracker.debian.org | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.