{"api_version":"1","generated_at":"2026-05-13T03:12:20+00:00","cve":"CVE-2011-3355","urls":{"html":"https://cve.report/CVE-2011-3355","api":"https://cve.report/api/cve/CVE-2011-3355.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2011-3355","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2011-3355"},"summary":{"title":"CVE-2011-3355","description":"evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2019-11-25 23:15:00","updated_at":"2019-12-14 14:28:00"},"problem_types":["CWE-311"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"707848 – (CVE-2011-3355) CVE-2011-3355 evolution: IMAP does non-SSL connection when storing to Sent folder","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.openwall.com/lists/oss-security/2011/09/09/1","name":"https://www.openwall.com/lists/oss-security/2011/09/09/1","refsource":"MISC","tags":["Exploit","Mailing List"],"title":"oss-security - CVE Request -- evolution -- Uses insecure (non-SSL) connection when\n storing the sent message into the Sent folder","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/cve-2011-3355","name":"https://access.redhat.com/security/cve/cve-2011-3355","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2011-3355 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052","name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052","refsource":"MISC","tags":["Third Party Advisory"],"title":"#641052 - evolution uses insecure connection when storing the sent message to the sent folder - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security-tracker.debian.org/tracker/CVE-2011-3355","name":"https://security-tracker.debian.org/tracker/CVE-2011-3355","refsource":"MISC","tags":["Third Party Advisory"],"title":"CVE-2011-3355","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2011-3355","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3355","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2011","cve_id":"3355","vulnerable":"1","versionEndIncluding":"3.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnome","cpe5":"evolution-data-server3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3355","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2011","cve_id":"3355","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2011-3355","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"evolution-data-server3","product":{"product_data":[{"product_name":"evolution-data-server3","version":{"version_data":[{"version_value":"3.0.3 through 3.2.1"}]}}]}}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"IMAP does non-SSL connection when storing to Sent folder"}]}]},"references":{"reference_data":[{"url":"https://security-tracker.debian.org/tracker/CVE-2011-3355","refsource":"MISC","name":"https://security-tracker.debian.org/tracker/CVE-2011-3355"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355"},{"url":"https://access.redhat.com/security/cve/cve-2011-3355","refsource":"MISC","name":"https://access.redhat.com/security/cve/cve-2011-3355"},{"refsource":"MISC","name":"https://www.openwall.com/lists/oss-security/2011/09/09/1","url":"https://www.openwall.com/lists/oss-security/2011/09/09/1"},{"refsource":"MISC","name":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052"}]}},"nvd":{"publishedDate":"2019-11-25 23:15:00","lastModifiedDate":"2019-12-14 14:28:00","problem_types":["CWE-311"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnome:evolution-data-server3:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.3","versionEndIncluding":"3.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2011","CveId":"3355","Ordinal":"50600","Title":"CVE-2011-3355","CVE":"CVE-2011-3355","Year":"2011"},"notes":[{"CveYear":"2011","CveId":"3355","Ordinal":"1","NoteData":"evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.","Type":"Description","Title":null},{"CveYear":"2011","CveId":"3355","Ordinal":"2","NoteData":"2019-11-25","Type":"Other","Title":"Published"},{"CveYear":"2011","CveId":"3355","Ordinal":"3","NoteData":"2019-11-25","Type":"Other","Title":"Modified"}]}}}