cbcvebase.
CVE-2016-9963
published 2017-02-01

CVE-2016-9963: Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

PriorityP432medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EPSS
3.10%
86.1th percentile
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

Affected

7 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianexim4< exim4 4.88~RC6-2 (bookworm)exim4 4.88~RC6-2 (bookworm)
eximexim<= 4.87

CVSS provenance

nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
osv5.9MEDIUM
vendor_debian5.9MEDIUM
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.