CVE-2011-3355

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
gnomeevolution-data-server3
3.0.3 ≤
𝑥
≤ 3.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
evolution-data-server
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2011-3355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
https://security-tracker.debian.org/tracker/CVE-2011-3355
https://www.openwall.com/lists/oss-security/2011/09/09/1
https://access.redhat.com/security/cve/cve-2011-3355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
https://security-tracker.debian.org/tracker/CVE-2011-3355
https://www.openwall.com/lists/oss-security/2011/09/09/1