CVE-2014-2576

CVSS 6.8 - MEDIUM
Description

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Affected Products
3
Vendor Product Version
claws-mail claws-mail All versions
opensuse opensuse 12.3
opensuse opensuse 13.1
References
http://lists.opensuse.org/opensuse-updates/2014-10...
http://seclists.org/oss-sec/2014/q1/636
http://secunia.com/advisories/60422
http://sourceforge.net/p/claws-mail/news/2014/05/c...
http://www.thewildbeast.co.uk/claws-mail/bugzilla/...
http://lists.opensuse.org/opensuse-updates/2014-10...
http://seclists.org/oss-sec/2014/q1/636
http://secunia.com/advisories/60422
http://sourceforge.net/p/claws-mail/news/2014/05/c...
http://www.thewildbeast.co.uk/claws-mail/bugzilla/...
Weakness Types
CWE-310
CVE Information
CVE ID:
CVE-2014-2576
Published:
2014-10-15
Modified:
2026-05-06
CVSS Score:
6.8
Severity:
MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Vendors
claws-mail opensuse
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL