Security Advisory

CVE-2009-3766

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-10-23 19:00:00

Last updated 2024-08-07 06:38:30

Assigner mitre

State PUBLISHED

Description

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subjects Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

← Browse all CVEs View on cve.org ↗