CVE-2014-7275 (GCVE-0-2014-7275)

Vulnerability from cvelistv5 – Published: 2014-10-08 01:00 – Updated: 2024-08-06 12:47
VLAI?
Summary
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
http://openwall.com/lists/oss-security/2014/10/07/33 mailing-listx_refsource_MLIST
http://www.debian.org/security/2014/dsa-3091 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/61229 third-party-advisoryx_refsource_SECUNIA
http://pyropus.ca/software/getmail/CHANGELOG x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T12:47:32.364Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:1315",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
          },
          {
            "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/10/07/33"
          },
          {
            "name": "DSA-3091",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3091"
          },
          {
            "name": "61229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://pyropus.ca/software/getmail/CHANGELOG"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-12-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:1315",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
        },
        {
          "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/10/07/33"
        },
        {
          "name": "DSA-3091",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3091"
        },
        {
          "name": "61229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://pyropus.ca/software/getmail/CHANGELOG"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-7275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:1315",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"
            },
            {
              "name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/10/07/33"
            },
            {
              "name": "DSA-3091",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3091"
            },
            {
              "name": "61229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61229"
            },
            {
              "name": "http://pyropus.ca/software/getmail/CHANGELOG",
              "refsource": "CONFIRM",
              "url": "http://pyropus.ca/software/getmail/CHANGELOG"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-7275",
    "datePublished": "2014-10-08T01:00:00",
    "dateReserved": "2014-10-01T00:00:00",
    "dateUpdated": "2024-08-06T12:47:32.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BB9C751-57B7-45D6-8090-4437A5738B64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E006277E-F1F9-48C6-A558-6CE034FEB8E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2029B8AA-D93F-4728-9D09-7A6292710E56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA67A71D-96A0-4E94-B323-9BFF8D706555\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E29D3B51-4836-495E-9F9D-BCF60C141AB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45825ACF-8D5C-4DE2-9A59-CEE3BFF32594\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4526FB1-EFC8-42FB-A914-56B570B6DE70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55930804-2994-4619-8681-B9A23D3782B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2494418A-473A-4261-BC33-D24A78C3F930\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DEF7144-3C41-4435-9411-55E2E9D77FE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F746212-2CBA-48C4-9F8E-4D4088D581A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B258472-0299-4908-8424-D5BD7118A63A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"150DC643-0825-4896-BB98-0579ACC6B9E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF2B512C-D0B1-4023-8CE4-AF72B61901F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDFF7A4E-7A41-44E0-B220-28E6B907FBFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85D95386-FBCB-49DE-8691-4043021C8F2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8CE4E384-4964-4E5F-A6BD-F3EF452D0033\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"353ED688-0E51-481B-AB2C-B221789BFA0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6826172E-6B0A-4AD4-B208-D76A3EFA0ED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE58943D-E5D9-4B49-B1E0-4968B4C31EF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42EF705A-6177-4892-B422-4279FFDA44FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E626006-6738-47D3-9B68-5E46BE707ABC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97417756-5B97-482E-98EF-4C830B8CA5C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F78B178-34E9-43C0-B6AC-4721AAAE88E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E25C2948-FBA2-4DBC-B159-4E534582F7FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"598527D1-1C01-40E8-9136-24BF0C84CBBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C978EC76-C765-4013-B6EE-86C8253D61FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E59B6F58-69C6-4E7A-82EC-FD2C35E09476\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A7EED28-BAD6-4EF6-8EA6-298078F1532B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C30D6AF-8065-4704-BD48-02906BE5AD17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5107BC4B-3FD2-4566-8529-BE214421A2F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"458AA23D-33BF-412C-99B8-A76E042F9F48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4074E219-D5D1-4CB3-BF6F-DD26C68F46AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85B6FA09-D731-4621-8526-5BC0C52FC5B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"768F553E-BC99-407E-BD9A-5D0162102DE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9665553-24BF-4B89-8336-22C5627B5BB5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B57A507-A3E2-421B-9092-910A4A4168C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79370501-0E08-40D7-BC2F-9D88C9FFEA4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B46A68-C096-4B96-A9BF-7DB01743A199\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"440165D6-6AA6-48AE-B52C-F871568AEA12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C932E13-E281-4D2C-AC11-873F83A8DE2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B9415F3-ACDF-4C3B-91C2-02D589312137\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33867423-85F6-4948-BD5A-4964E447C4FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19547C8A-252A-4CEE-89CF-BCB4D5683A36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E393D9EF-2A64-4D60-B554-E8F6535D9CA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C84D3012-9F73-47BE-BC9D-54F644D5EA8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D00742C-1E33-4E55-8AD6-9E7D66C375EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43618CED-404D-4D38-941B-3A40494FF239\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A031B91A-CF73-4800-B1E2-48B7F7EDE6C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E4270FB-39BD-4708-B580-10B12B8B1553\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98A0FFDC-EC5C-41D2-A3B2-FA333A35E766\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DE7E687-45FC-4A0C-BC48-18C4B1535CE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76602CEC-3131-4C45-B967-BB5CA7B9CD20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A45D818B-271A-4963-9DC1-BF4561A80D89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C4CFEF-D15D-4D74-B903-81763D484C4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.43.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5D3BA00-76EE-4F6F-AB93-84E56A745884\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"565C1A4F-D171-40CA-8F5A-E616DCD7DF79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener informaci\\u00f3n sensible a trav\\u00e9s de un certificado manipulado.\"}]",
      "id": "CVE-2014-7275",
      "lastModified": "2024-11-21T02:16:39.813",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-10-08T01:55:05.830",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://openwall.com/lists/oss-security/2014/10/07/33\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://pyropus.ca/software/getmail/CHANGELOG\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/61229\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2014/dsa-3091\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://openwall.com/lists/oss-security/2014/10/07/33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://pyropus.ca/software/getmail/CHANGELOG\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/61229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2014/dsa-3091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-7275\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-10-08T01:55:05.830\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BB9C751-57B7-45D6-8090-4437A5738B64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E006277E-F1F9-48C6-A558-6CE034FEB8E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2029B8AA-D93F-4728-9D09-7A6292710E56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA67A71D-96A0-4E94-B323-9BFF8D706555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E29D3B51-4836-495E-9F9D-BCF60C141AB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45825ACF-8D5C-4DE2-9A59-CEE3BFF32594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4526FB1-EFC8-42FB-A914-56B570B6DE70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55930804-2994-4619-8681-B9A23D3782B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2494418A-473A-4261-BC33-D24A78C3F930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DEF7144-3C41-4435-9411-55E2E9D77FE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F746212-2CBA-48C4-9F8E-4D4088D581A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B258472-0299-4908-8424-D5BD7118A63A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"150DC643-0825-4896-BB98-0579ACC6B9E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF2B512C-D0B1-4023-8CE4-AF72B61901F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDFF7A4E-7A41-44E0-B220-28E6B907FBFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85D95386-FBCB-49DE-8691-4043021C8F2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE4E384-4964-4E5F-A6BD-F3EF452D0033\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"353ED688-0E51-481B-AB2C-B221789BFA0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6826172E-6B0A-4AD4-B208-D76A3EFA0ED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE58943D-E5D9-4B49-B1E0-4968B4C31EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EF705A-6177-4892-B422-4279FFDA44FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E626006-6738-47D3-9B68-5E46BE707ABC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97417756-5B97-482E-98EF-4C830B8CA5C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F78B178-34E9-43C0-B6AC-4721AAAE88E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E25C2948-FBA2-4DBC-B159-4E534582F7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"598527D1-1C01-40E8-9136-24BF0C84CBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C978EC76-C765-4013-B6EE-86C8253D61FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E59B6F58-69C6-4E7A-82EC-FD2C35E09476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A7EED28-BAD6-4EF6-8EA6-298078F1532B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C30D6AF-8065-4704-BD48-02906BE5AD17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5107BC4B-3FD2-4566-8529-BE214421A2F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"458AA23D-33BF-412C-99B8-A76E042F9F48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4074E219-D5D1-4CB3-BF6F-DD26C68F46AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85B6FA09-D731-4621-8526-5BC0C52FC5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"768F553E-BC99-407E-BD9A-5D0162102DE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9665553-24BF-4B89-8336-22C5627B5BB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B57A507-A3E2-421B-9092-910A4A4168C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79370501-0E08-40D7-BC2F-9D88C9FFEA4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B46A68-C096-4B96-A9BF-7DB01743A199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440165D6-6AA6-48AE-B52C-F871568AEA12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C932E13-E281-4D2C-AC11-873F83A8DE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B9415F3-ACDF-4C3B-91C2-02D589312137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33867423-85F6-4948-BD5A-4964E447C4FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19547C8A-252A-4CEE-89CF-BCB4D5683A36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E393D9EF-2A64-4D60-B554-E8F6535D9CA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C84D3012-9F73-47BE-BC9D-54F644D5EA8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D00742C-1E33-4E55-8AD6-9E7D66C375EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43618CED-404D-4D38-941B-3A40494FF239\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A031B91A-CF73-4800-B1E2-48B7F7EDE6C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E4270FB-39BD-4708-B580-10B12B8B1553\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98A0FFDC-EC5C-41D2-A3B2-FA333A35E766\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE7E687-45FC-4A0C-BC48-18C4B1535CE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76602CEC-3131-4C45-B967-BB5CA7B9CD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A45D818B-271A-4963-9DC1-BF4561A80D89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C4CFEF-D15D-4D74-B903-81763D484C4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.43.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D3BA00-76EE-4F6F-AB93-84E56A745884\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565C1A4F-D171-40CA-8F5A-E616DCD7DF79\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/10/07/33\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://pyropus.ca/software/getmail/CHANGELOG\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/61229\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3091\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://openwall.com/lists/oss-security/2014/10/07/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://pyropus.ca/software/getmail/CHANGELOG\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.