Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3430

Опубликовано: 09 мая 2014
Источник: redhat
CVSS2: 5
EPSS Низкий

Описание

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

Отчет

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5dovecotWill not fix
Red Hat Enterprise Linux 6dovecotFixedRHSA-2014:079025.06.2014
Red Hat Enterprise Linux 7dovecotFixedRHSA-2014:079025.06.2014

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1096402dovecot: denial of service through maxxing out SSL connections

EPSS

Процентиль: 89%
0.04797
Низкий

5 Medium

CVSS2

Связанные уязвимости

ubuntu
около 11 лет назад

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

nvd
около 11 лет назад

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

debian
около 11 лет назад

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x befo ...

github
около 3 лет назад

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.

oracle-oval
около 11 лет назад

ELSA-2014-0790: dovecot security update (MODERATE)

EPSS

Процентиль: 89%
0.04797
Низкий

5 Medium

CVSS2