← Back

CVE-2009-3766

nvd nist
Published: Oct 23, 2009Modified: Apr 23, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Affected (1)

Products: Mutt: Mutt
Mutt
1 product
Mutt
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mutt
From 1.5.16 to 1.5.19
Running on/withPlatform Versions
Openssl
Openssl
All versions

Related CWEs

CWE-310
CWE-310

References (6)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.