CVE-2016-10727
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2018-07-19 CVE Reserved
- 2018-07-20 CVE Published
- 2024-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1334842 | 2024-08-06 |
https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67 | 2018-09-18 |
https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022 | 2018-09-18 | |
https://usn.ubuntu.com/3724-1 | 2018-09-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Canonical | Ubuntu Linux | 14.04 | lts | Affected |
Canonical | Ubuntu Linux | 16.04 | lts | Affected |
Gnome | Evolution | < 3.21.2 | - | Affected |