Lucene search

MitreCVE-2007-3754

HistorySep 27, 2007 - 9:17 p.m.

CVE-2007-3754

2007-09-2721:17:00

CWE-287

mitre

web.nvd.nist.gov

apple

iphone

mail

ssl

vulnerability

mitm

attack

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.6%

JSON

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

Affected configurations

Nvd

Node

appleiphoneMatch1.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

VendorProductVersionCPE
appleiphone1.0cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*
appleiphone_os1.0.1cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
appleiphone_os1.0.2cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone	1.0	cpe:2.3:h:apple:iphone:1.0:::::::*
apple	iphone_os	1.0.1	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
apple	iphone_os	1.0.2	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*

References

docs.info.apple.com/article.html?artnum=306586

lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

osvdb.org/38537

secunia.com/advisories/26983

securitytracker.com/id?1018752

www.securityfocus.com/bid/25856

www.vupen.com/english/advisories/2007/3287

exchange.xforce.ibmcloud.com/vulnerabilities/36845

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.6%

JSON

Related for CVE-2007-3754