5.9

CVE-2016-9963

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EximExim Version <= 4.87
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version16.10
DebianDebian Linux Version8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.1% 0.86
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.debian.org/security/2016/dsa-3747
Third Party Advisory
http://www.exim.org/static/doc/CVE-2016-9963.txt
Vendor Advisory
Mitigation
http://www.securityfocus.com/bid/94947
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1037484
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3164-1
Third Party Advisory
https://bugs.exim.org/show_bug.cgi?id=1996
Vendor Advisory
Issue Tracking
Mitigation