CVE-2013-4584

MEDIUM

Perdition <2.2 - Info Disclosure

Title source: llm

Description

Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections

References (6)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2013/11/15/6

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/63696

[Broken Link] https://access.redhat.com/security/cve/cve-2013-4584

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/89184

[Patch] https://github.com/horms/perdition/commit/62a0ce94aeb7dd99155882956ce9e327ab914ddf

View Patch ZIP pw:eip

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2013-4584

Scores

CVSS v3 5.9

EPSS 0.0058

EPSS Percentile 68.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-755

Status published

Affected Products (4)

horms/perdition < 2.1

debian/debian_linux

Timeline

Published Nov 15, 2019

Tracked Since Feb 18, 2026