7.5

CVE-2011-3372

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CyrusImapd Version <= 2.4.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.36% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.debian.org/security/2011/dsa-2318
http://www.mandriva.com/security/advisories?name=MDVSA-2011:149
http://www.redhat.com/support/errata/RHSA-2011-1508.html
http://cyrusimap.org/mediawiki/index.php/Latest_Updates
http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594
http://secunia.com/advisories/46093
Vendor Advisory
http://secunia.com/secunia_research/2011-68
Vendor Advisory
http://securitytracker.com/id?1026363
https://bugzilla.redhat.com/show_bug.cgi?id=740822