Description

Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.

Remediation

References

CVE-2009-1390

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6451)

WordPress Plugin Security & Malware scan by CleanTalk Security Bypass (2.50)

MongoDb Other Vulnerability (CVE-2020-7929)

WordPress Plugin WordPress Firewall 2 Multiple Vulnerabilities (1.3)

ownCloud Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2015-7698)

Severity

Medium

Classification

CVE-2009-1390 CWE-287

Tags

Missing Update Known Vulnerabilities