CVE-2002-1471

Description

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

Affected products

• ximian / evolution1.0.3 – 1.0.3
• ximian / evolution1.0.4 – 1.0.4
• ximian / evolution1.0.5 – 1.0.5
• ximian / evolution1.0.6 – 1.0.6
• ximian / evolution1.0.7 – 1.0.7
• ximian / evolution1.0.8 – 1.0.8

References

• MISChttp://www.iss.net/security_center/static/10292.php
• MISChttp://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
• MISChttp://www.securityfocus.com/bid/5875