{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "openSUSE-SU-2014:1315", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"}, {"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2014/10/07/33"}, {"name": "DSA-3091", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3091"}, {"name": "61229", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/61229"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pyropus.ca/software/getmail/CHANGELOG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7275", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:1315", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"}, {"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2014/10/07/33"}, {"name": "DSA-3091", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3091"}, {"name": "61229", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61229"}, {"name": "http://pyropus.ca/software/getmail/CHANGELOG", "refsource": "CONFIRM", "url": "http://pyropus.ca/software/getmail/CHANGELOG"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:47:32.364Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:1315", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"}, {"name": "[oss-security] 20141007 Re: CVE Request(s): Getmail 4", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2014/10/07/33"}, {"name": "DSA-3091", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3091"}, {"name": "61229", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/61229"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pyropus.ca/software/getmail/CHANGELOG"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-7275", "datePublished": "2014-10-08T01:00:00", "dateReserved": "2014-10-01T00:00:00", "dateUpdated": "2024-08-06T12:47:32.364Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getmail:getmail:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BB9C751-57B7-45D6-8090-4437A5738B64", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2AEAC0B6-1AFC-44E9-9A99-1E1461A4F7E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E006277E-F1F9-48C6-A558-6CE034FEB8E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2029B8AA-D93F-4728-9D09-7A6292710E56", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA67A71D-96A0-4E94-B323-9BFF8D706555", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E29D3B51-4836-495E-9F9D-BCF60C141AB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "D23A07F3-9AE4-43F6-86D0-CA1D1562A3F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "45825ACF-8D5C-4DE2-9A59-CEE3BFF32594", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E4526FB1-EFC8-42FB-A914-56B570B6DE70", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "55930804-2994-4619-8681-B9A23D3782B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2494418A-473A-4261-BC33-D24A78C3F930", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "1DEF7144-3C41-4435-9411-55E2E9D77FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "1F746212-2CBA-48C4-9F8E-4D4088D581A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B258472-0299-4908-8424-D5BD7118A63A", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "150DC643-0825-4896-BB98-0579ACC6B9E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF2B512C-D0B1-4023-8CE4-AF72B61901F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EDFF7A4E-7A41-44E0-B220-28E6B907FBFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "85D95386-FBCB-49DE-8691-4043021C8F2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CE4E384-4964-4E5F-A6BD-F3EF452D0033", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "353ED688-0E51-481B-AB2C-B221789BFA0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6826172E-6B0A-4AD4-B208-D76A3EFA0ED5", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0ED2B7B5-828D-4EF2-B261-EDD0C4C0F82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FE58943D-E5D9-4B49-B1E0-4968B4C31EF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "42EF705A-6177-4892-B422-4279FFDA44FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E626006-6738-47D3-9B68-5E46BE707ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "97417756-5B97-482E-98EF-4C830B8CA5C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F78B178-34E9-43C0-B6AC-4721AAAE88E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "E25C2948-FBA2-4DBC-B159-4E534582F7FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "598527D1-1C01-40E8-9136-24BF0C84CBBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "C978EC76-C765-4013-B6EE-86C8253D61FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "E59B6F58-69C6-4E7A-82EC-FD2C35E09476", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A7EED28-BAD6-4EF6-8EA6-298078F1532B", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C30D6AF-8065-4704-BD48-02906BE5AD17", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "5107BC4B-3FD2-4566-8529-BE214421A2F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "9ED8F86E-D02D-40A7-9BE1-65FB81CA7A7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "458AA23D-33BF-412C-99B8-A76E042F9F48", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "4074E219-D5D1-4CB3-BF6F-DD26C68F46AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.20.0:*:*:*:*:*:*:*", "matchCriteriaId": "85B6FA09-D731-4621-8526-5BC0C52FC5B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "768F553E-BC99-407E-BD9A-5D0162102DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9665553-24BF-4B89-8336-22C5627B5BB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B57A507-A3E2-421B-9092-910A4A4168C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "79370501-0E08-40D7-BC2F-9D88C9FFEA4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.25.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B46A68-C096-4B96-A9BF-7DB01743A199", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "440165D6-6AA6-48AE-B52C-F871568AEA12", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.27.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C932E13-E281-4D2C-AC11-873F83A8DE2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.28.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B9415F3-ACDF-4C3B-91C2-02D589312137", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.29.0:*:*:*:*:*:*:*", "matchCriteriaId": "33867423-85F6-4948-BD5A-4964E447C4FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "19547C8A-252A-4CEE-89CF-BCB4D5683A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "E393D9EF-2A64-4D60-B554-E8F6535D9CA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "C84D3012-9F73-47BE-BC9D-54F644D5EA8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D00742C-1E33-4E55-8AD6-9E7D66C375EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "43618CED-404D-4D38-941B-3A40494FF239", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "A031B91A-CF73-4800-B1E2-48B7F7EDE6C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E4270FB-39BD-4708-B580-10B12B8B1553", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "98A0FFDC-EC5C-41D2-A3B2-FA333A35E766", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B80FBCC-A32A-4AD3-8DFB-FF5A30F3290C", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "7DE7E687-45FC-4A0C-BC48-18C4B1535CE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "76602CEC-3131-4C45-B967-BB5CA7B9CD20", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "A45D818B-271A-4963-9DC1-BF4561A80D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.42.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C4CFEF-D15D-4D74-B903-81763D484C4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.43.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5D3BA00-76EE-4F6F-AB93-84E56A745884", "vulnerable": true}, {"criteria": "cpe:2.3:a:getmail:getmail:4.44.0:*:*:*:*:*:*:*", "matchCriteriaId": "565C1A4F-D171-40CA-8F5A-E616DCD7DF79", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate."}, {"lang": "es", "value": "La implementaci\u00f3n POP3-over-SSL en getmail 4.0.0 hasta 4.44.0 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores POP3 y obtener informaci\u00f3n sensible a trav\u00e9s de un certificado manipulado."}], "id": "CVE-2014-7275", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-08T01:55:05.830", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"}, {"source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2014/10/07/33"}, {"source": "cve@mitre.org", "url": "http://pyropus.ca/software/getmail/CHANGELOG"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/61229"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2014/10/07/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pyropus.ca/software/getmail/CHANGELOG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61229"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3091"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}