Homepage

Return of Wrong Status Code Affecting evolution-data-server-doc package, versions <0:3.12.11-37.el7

Severity

 Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.51% (77th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL7-EVOLUTIONDATASERVERDOC-4462611
  • published26 Jul 2021
  • disclosed10 May 2016
Report a new vulnerability Found a mistake?

Introduced: 10 May 2016

CVE-2016-10727  (opens in a new tab)
CWE-393  (opens in a new tab)
CWE-201  (opens in a new tab)

How to fix?

Upgrade RHEL:7 evolution-data-server-doc to version 0:3.12.11-37.el7 or higher.
This issue was patched in RHBA-2016:2206.

NVD Description

Note: Versions mentioned in the description apply only to the upstream evolution-data-server-doc package and not the evolution-data-server-doc package as distributed by RHEL. See How to fix? for RHEL:7 relevant fixed versions and status.

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.