CVE-2016-9963

Опубликовано: 16 дек. 2016

Источник: redhat

CVSS3: 5.3

CVSS2: 4.3

EPSS Низкий

Описание

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

It was found that Exim leaked DKIM signing private keys to the "mainlog" log file. As a result, an attacker with access to system log files could potentially access these leaked DKIM private keys.

Отчет

This flaw does not affect the version of Exim shipped with Red Hat Enterprise Linux 5 because it is not built with DKIM (DomainKeys Identified Mail) support.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	exim	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1405322exim: Possible information disclosure to remote atacker

EPSS

Процентиль: 82%

0.01678

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-9963

CVSS3: 5.9

ubuntu

около 9 лет назад

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

CVE-2016-9963

CVSS3: 5.9

nvd

около 9 лет назад

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

CVE-2016-9963

CVSS3: 5.9

debian

около 9 лет назад

Exim before 4.87.1 might allow remote attackers to obtain the private ...

GHSA-qf64-f8r5-29m4

CVSS3: 5.9

github

больше 3 лет назад

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

openSUSE-SU-2017:2289-1

suse-cvrf

больше 8 лет назад

Security update for exim

EPSS

Процентиль: 82%

0.01678

Низкий

5.3 Medium

CVSS3

4.3 Medium

CVSS2