CVE-2014-7274
First published: Wed Oct 08 2014(Updated: )
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate from a recognized Certification Authority.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| getmail | =4.44.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7274?
CVE-2014-7274 is considered a medium severity vulnerability due to its potential for man-in-the-middle attacks.
How do I fix CVE-2014-7274?
To fix CVE-2014-7274, it is recommended to upgrade to a version of getmail that correctly verifies server hostname in X.509 certificates.
What type of attack does CVE-2014-7274 expose users to?
CVE-2014-7274 exposes users to man-in-the-middle attacks by allowing attackers to spoof IMAP servers.
Which version of getmail is affected by CVE-2014-7274?
The affected version of getmail is 4.44.0.
What does CVE-2014-7274 impact in terms of security?
CVE-2014-7274 impacts the security of email communications by potentially allowing sensitive information to be obtained through spoofed IMAP servers.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/getmail
- canonical/getmail
- version/getmail/4.44.0