CVE-2011-3355
Severity Score
7.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
evolution-data-server versión 3 3.0.3 hasta 3.2.1, utilizó una conexión no segura (no SSL) cuando se intenta almacenar mensajes de correo electrónico enviados a la carpeta Sent, cuando la carpeta Sent fue encontrada en el servidor remoto. Un atacante podría usar este fallo para obtener las credenciales de inicio de sesión de la víctima.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-30 CVE Reserved
- 2019-11-25 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-11-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-311: Missing Encryption of Sensitive Data
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/cve-2011-3355 | Third Party Advisory | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355 | Issue Tracking | |
| https://security-tracker.debian.org/tracker/CVE-2011-3355 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.openwall.com/lists/oss-security/2011/09/09/1 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Evolution-data-server3 Search vendor "Gnome" for product "Evolution-data-server3" | >= 3.0.3 <= 3.2.1 Search vendor "Gnome" for product "Evolution-data-server3" and version " >= 3.0.3 <= 3.2.1" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|