CVE-2002-1471

5 documents5 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 50.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ximian Evolution

Timeline

PublishedApr 22

Latest updateApr 30

Description

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDximian/evolution6 versions+5

▶Debianevolution< 1.2.0-1+3

Patches

Patch: archives.neohapsis.com ↗Patch: www.iss.net ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-5p84-cvh4-gvvh: The camel component for Ximian Evolution 1↗2022-04-30

▶

CVEList

CVE-2002-1471: The camel component for Ximian Evolution 1↗2004-09-01

▶

OSV

CVE-2002-1471: The camel component for Ximian Evolution 1↗2003-04-22

▶

📋Vendor Advisories

Debian

CVE-2002-1471: evolution - The camel component for Ximian Evolution 1.0.x and earlier does not verify certi...↗2002

▶