CVE-2016-10937 — Improper Certificate Validation in Project Imapfilter

CWE-295 — Improper Certificate Validation8 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 45.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Imapfilter Project Imapfilter Debian Linux Fedoraproject Fedora +2 more

Timeline

PublishedSep 8

Latest updateMay 24

Description

IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianimapfilter_project/imapfilter< 1:2.6.13-1+3

▶NVDimapfilter_project/imapfilter2.6.12

▶NVDopensuse/leap15.1

▶NVDopensuse/backports_sle15.0

Also affects: Debian Linux 8.0, Fedora 30, 31

🔴Vulnerability Details

GHSA

GHSA-849m-v43m-ppmq: IMAPFilter through 2↗2022-05-24

▶

OSV

CVE-2016-10937: IMAPFilter through 2↗2019-09-08

▶

CVEList

CVE-2016-10937: IMAPFilter through 2↗2019-09-08

▶

📋Vendor Advisories

Debian

CVE-2016-10937: imapfilter - IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.↗2016

▶

💬Community

Bugzilla

CVE-2016-10937 imapfilter: Missing validation for hostname in an SSL certificate↗2019-10-24

▶

Bugzilla

CVE-2016-10937 imapfilter: Missing validation for hostname in an SSL certificate [epel-all]↗2019-10-24

▶

Bugzilla

CVE-2016-10937 imapfilter: Missing validation for hostname in an SSL certificate [fedora-all]↗2019-10-24

▶