NVD

Id
48675  
Name
CVE-2009-1390  
Description
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-06-16  
Modified Date
2009-06-19  
Seq
2009-1390  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
245876 48675 CVE-2009-1390 http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a  View
245877 48675 CVE-2009-1390 http://dev.mutt.org/hg/mutt/rev/8f11dd00c770  View
245878 48675 CVE-2009-1390 [oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw  View
245879 48675 CVE-2009-1390 35288  View
245880 48675 CVE-2009-1390 mutt-x509-security-bypass(51068)  View
245881 48675 CVE-2009-1390 FEDORA-2009-6465  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
43587 JVNDB-2009-004594 Mutt における信頼されたサーバになりすまされる脆弱性 Mutt は、(1) OpenSSL (mutt_ssl.c) または (2) GnuTLS (mutt_ssl_gnutls.c) にリンクされる際、チェーン内全体を検証せずに、1 つの TLS の証明書が承認されると接続を許可するため、信頼されたサーバになりすまされる脆弱性が存在します。 CVE-2009-1390 38821 CVE-2009-1390 48675 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004594.html 2009-06-16 2012-09-25 View