CVE-2014-7273

NONE EPSS 56.2%
Published Oct 8, 2014 (11y ago) · Modified Jun 17, 2026 (2w ago)

Description

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate.

Threat Intelligence

EPSS Exploit Probability
56.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-310

Affected Products 62

Vendor   Product  Version    Range
getmail  getmail  4.0        any
getmail  getmail  4.0.0_b10  any
getmail  getmail  4.0.1      any
getmail  getmail  4.0.2      any
getmail  getmail  4.0.3      any
getmail  getmail  4.0.4      any
getmail  getmail  4.0.5      any
getmail  getmail  4.0.6      any
getmail  getmail  4.0.7      any
getmail  getmail  4.0.8      any
getmail  getmail  4.0.9      any
getmail  getmail  4.0.10     any
getmail  getmail  4.0.11     any
getmail  getmail  4.0.12     any
getmail  getmail  4.0.13     any
getmail  getmail  4.1        any
getmail  getmail  4.1.1      any
getmail  getmail  4.1.2      any
getmail  getmail  4.1.3      any
getmail  getmail  4.1.4      any
getmail  getmail  4.1.5      any
getmail  getmail  4.2.0      any
getmail  getmail  4.3.0      any
getmail  getmail  4.4.0      any
getmail  getmail  4.5.0      any
getmail  getmail  4.6.0      any
getmail  getmail  4.7.0      any
getmail  getmail  4.8.0      any
getmail  getmail  4.9.0      any
getmail  getmail  4.10.0     any
getmail  getmail  4.11.0     any
getmail  getmail  4.12.0     any
getmail  getmail  4.13.0     any
getmail  getmail  4.14.0     any
getmail  getmail  4.15.0     any
getmail  getmail  4.16.0     any
getmail  getmail  4.17.0     any
getmail  getmail  4.18.0     any
getmail  getmail  4.19.0     any
getmail  getmail  4.20.0     any
getmail  getmail  4.21.0     any
getmail  getmail  4.22.0     any
getmail  getmail  4.23.0     any
getmail  getmail  4.24.0     any
getmail  getmail  4.25.0     any
getmail  getmail  4.26.0     any
getmail  getmail  4.27.0     any
getmail  getmail  4.28.0     any
getmail  getmail  4.29.0     any
getmail  getmail  4.30.0     any
getmail  getmail  4.31.0     any
getmail  getmail  4.32.0     any
getmail  getmail  4.33.0     any
getmail  getmail  4.34.0     any
getmail  getmail  4.35.0     any
getmail  getmail  4.36.0     any
getmail  getmail  4.37.0     any
getmail  getmail  4.38.0     any
getmail  getmail  4.39.0     any
getmail  getmail  4.40.0     any
getmail  getmail  4.41.0     any
getmail  getmail  4.42.0     any

References 5

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html
  • openwall.com http://openwall.com/lists/oss-security/2014/10/07/33
  • pyropus.ca http://pyropus.ca/software/getmail/CHANGELOG
  • secunia.com http://secunia.com/advisories/61229
  • debian.org http://www.debian.org/security/2014/dsa-3091

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.