CVE-2009-3766 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3766 Interim 1 3 2021-06-09T08:51:47Z current 2021-05-30T12:48:54Z 2021-06-09T08:51:47Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3766 mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. CVE-2009-3766 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P