Описание
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1.3.2-3ubuntu0.2 |
| devel | not-affected | 1.4.2-3 |
| eoan | ignored | end of life |
| esm-apps/bionic | released | 1.3.2-3ubuntu0.2 |
| esm-apps/focal | released | 1.3.2-7ubuntu0.1 |
| esm-apps/jammy | not-affected | 1.4.2-1 |
| esm-apps/noble | not-affected | 1.4.2-3 |
| esm-apps/xenial | released | 1.3.1+dfsg-3ubuntu0.1~esm1 |
| esm-infra-legacy/trusty | DNE | |
| focal | released | 1.3.2-7ubuntu0.1 |
Показывать по
5 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Уязвимость программного обеспечения проверки подлинности и анализа электронных писем OpenDMARC, связанная с обходом аутентификации посредством спуфинга, позволяющая нарушителю оказать воздействие на целостность данных
5 Medium
CVSS2
5.3 Medium
CVSS3