CVE-2011-3372
published 2011-12-24CVE-2011-3372: imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER…
PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.36%
87.2th percentile
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cyrus | imapd | <= 2.4.11 | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
cyrus-imapd: nntpd authentication bypass
vendor_redhat·2011-10-05·CVSS 7.5
CVE-2011-3372 [HIGH] cyrus-imapd: nntpd authentication bypass
cyrus-imapd: nntpd authentication bypass
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
GHSA
GHSA-vq7q-vrrq-cr5f: imap/nntpd
ghsa_unreviewed·2022-05-17
CVE-2011-3372 [HIGH] CWE-287 GHSA-vq7q-vrrq-cr5f: imap/nntpd
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
No detection rules found.
No public exploits indexed.
http://cyrusimap.org/mediawiki/index.php/Latest_Updateshttp://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594http://secunia.com/advisories/46093http://secunia.com/secunia_research/2011-68http://securitytracker.com/id?1026363http://www.debian.org/security/2011/dsa-2318http://www.mandriva.com/security/advisories?name=MDVSA-2011:149http://www.redhat.com/support/errata/RHSA-2011-1508.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=740822http://cyrusimap.org/mediawiki/index.php/Latest_Updateshttp://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594http://secunia.com/advisories/46093http://secunia.com/secunia_research/2011-68http://securitytracker.com/id?1026363http://www.debian.org/security/2011/dsa-2318http://www.mandriva.com/security/advisories?name=MDVSA-2011:149http://www.redhat.com/support/errata/RHSA-2011-1508.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=740822
2011-12-24
Published