Vulnerability Details : CVE-2014-3430
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
Vulnerability category: BypassGain privilegeDenial of service
Products affected by CVE-2014-3430
- cpe:2.3:a:dovecot:dovecot:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc7:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc3:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc5:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc4:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2:rc6:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc6:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc7:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc3:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1:rc5:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.13:rc1:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:dovecot:dovecot:2.2.7:*:*:*:*:*:*:*
Threat overview for CVE-2014-3430
Top countries where our scanners detected CVE-2014-3430
Top open port discovered on systems with this issue
993
IPs affected by CVE-2014-3430 803
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2014-3430!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2014-3430
9.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-3430
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-3430
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3430
-
http://www.ubuntu.com/usn/USN-2213-1
USN-2213-1: Dovecot vulnerability | Ubuntu security notices
-
http://secunia.com/advisories/59537
Sign in
-
http://advisories.mageia.org/MGASA-2014-0223.html
Mageia Advisory: MGASA-2014-0223 - Updated dovecot packages fix security vulnerability
-
http://linux.oracle.com/errata/ELSA-2014-0790.html
linux.oracle.com | ELSA-2014-0790
-
http://www.openwall.com/lists/oss-security/2014/05/09/4
oss-security - CVE request: Denial of Service attacks against Dovecot v1.1+Patch
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:113
mandriva.com
-
http://www.debian.org/security/2014/dsa-2954
Debian -- Security Information -- DSA-2954-1 dovecot
-
http://rhn.redhat.com/errata/RHSA-2014-0790.html
RHSA-2014:0790 - Security Advisory - Red Hat Customer Portal
-
http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
Patch
-
http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html
[Dovecot-news] v2.2.13 releasedPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/67306
Dovecot Denial of Service Vulnerability
-
http://www.openwall.com/lists/oss-security/2014/05/09/8
oss-security - Re: CVE request: Denial of Service attacks against Dovecot v1.1+
-
http://secunia.com/advisories/59552
Sign in
Jump to