{"containers": {"cna": {"affected": [{"product": "evolution-data-server3", "vendor": "evolution-data-server3", "versions": [{"status": "affected", "version": "3.0.3 through 3.2.1"}]}], "descriptions": [{"lang": "en", "value": "evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."}], "problemTypes": [{"descriptions": [{"description": "IMAP does non-SSL connection when storing to Sent folder", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-25T22:30:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3355"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-3355"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2011/09/09/1"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "evolution-data-server3", "version": {"version_data": [{"version_value": "3.0.3 through 3.2.1"}]}}]}, "vendor_name": "evolution-data-server3"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMAP does non-SSL connection when storing to Sent folder"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2011-3355", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-3355"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355"}, {"name": "https://access.redhat.com/security/cve/cve-2011-3355", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2011-3355"}, {"name": "https://www.openwall.com/lists/oss-security/2011/09/09/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2011/09/09/1"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.744Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3355"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-3355"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2011/09/09/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3355", "datePublished": "2019-11-25T22:30:00", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.744Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:evolution-data-server3:*:*:*:*:*:*:*:*", "matchCriteriaId": "64645AFF-EFD2-4CF0-B0C1-0BEF63B1FE21", "versionEndIncluding": "3.2.1", "versionStartIncluding": "3.0.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."}, {"lang": "es", "value": "evolution-data-server versi\u00f3n 3 3.0.3 hasta 3.2.1, utiliz\u00f3 una conexi\u00f3n no segura (no SSL) cuando se intenta almacenar mensajes de correo electr\u00f3nico enviados a la carpeta Sent, cuando la carpeta Sent fue encontrada en el servidor remoto. Un atacante podr\u00eda usar este fallo para obtener las credenciales de inicio de sesi\u00f3n de la v\u00edctima."}], "id": "CVE-2011-3355", "lastModified": "2019-12-14T14:28:30.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-25T23:15:10.633", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2011-3355"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3355"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/09/09/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "evolution: IMAP does non-SSL connection when storing to Sent folder", "id": "707848", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707848"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim."], "name": "CVE-2011-3355", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "evolution", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "evolution28", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "evolution", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "evolution", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "evolution-data-server", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2011-04-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3355\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3355"], "statement": "Not vulnerable. This issue did not affect the versions of evolution as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of evolution28 as shipped with Red Hat Enterprise Linux 4.", "threat_severity": "Low", "upstream_fix": "evolution 3.1.2"}