CVE-2011-3355

{"id": "CVE-2011-3355", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2019-11-25T23:15:10.633", "references": [{"url": "https://access.redhat.com/security/cve/cve-2011-3355", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2011-3355", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2011/09/09/1", "tags": ["Exploit", "Mailing List"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/cve-2011-3355", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2011-3355", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2011/09/09/1", "tags": ["Exploit", "Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-311"}]}], "descriptions": [{"lang": "en", "value": "evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."}, {"lang": "es", "value": "evolution-data-server versi\u00f3n 3 3.0.3 hasta 3.2.1, utiliz\u00f3 una conexi\u00f3n no segura (no SSL) cuando se intenta almacenar mensajes de correo electr\u00f3nico enviados a la carpeta Sent, cuando la carpeta Sent fue encontrada en el servidor remoto. Un atacante podr\u00eda usar este fallo para obtener las credenciales de inicio de sesi\u00f3n de la v\u00edctima."}], "lastModified": "2024-11-21T01:30:19.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution-data-server3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64645AFF-EFD2-4CF0-B0C1-0BEF63B1FE21", "versionEndIncluding": "3.2.1", "versionStartIncluding": "3.0.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}