Lucene search

MitreCVELIST:CVE-2007-1558

HistoryApr 16, 2007 - 10:00 p.m.

CVE-2007-1558

2007-04-1622:00:00

mitre

www.cve.org

AI Score

7.7

Confidence

High

EPSS

0.088

Percentile

94.6%

JSON

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

References

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

balsa.gnome.org/download.html

docs.info.apple.com/article.html?artnum=305530

fetchmail.berlios.de/fetchmail-SA-2007-01.txt

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

lists.apple.com/archives/security-announce/2007/May/msg00004.html

mail.gnome.org/archives/balsa-list/2007-July/msg00000.html

secunia.com/advisories/25353

secunia.com/advisories/25402

secunia.com/advisories/25476

secunia.com/advisories/25496

secunia.com/advisories/25529

secunia.com/advisories/25534

secunia.com/advisories/25546

secunia.com/advisories/25559

secunia.com/advisories/25664

secunia.com/advisories/25750

secunia.com/advisories/25798

secunia.com/advisories/25858

secunia.com/advisories/25894

secunia.com/advisories/26083

secunia.com/advisories/26415

secunia.com/advisories/35699

security.gentoo.org/glsa/glsa-200706-06.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

sourceforge.net/forum/forum.php?forum_id=683706

sylpheed.sraoss.jp/en/news.html

www.claws-mail.org/news.php

www.debian.org/security/2007/dsa-1300

www.debian.org/security/2007/dsa-1305

www.mandriva.com/security/advisories?name=MDKSA-2007:105

www.mandriva.com/security/advisories?name=MDKSA-2007:107

www.mandriva.com/security/advisories?name=MDKSA-2007:113

www.mandriva.com/security/advisories?name=MDKSA-2007:119

www.mandriva.com/security/advisories?name=MDKSA-2007:131

www.mozilla.org/security/announce/2007/mfsa2007-15.html

www.novell.com/linux/security/advisories/2007_14_sr.html

www.novell.com/linux/security/advisories/2007_36_mozilla.html

www.openwall.com/lists/oss-security/2009/08/15/1

www.openwall.com/lists/oss-security/2009/08/18/1

www.redhat.com/support/errata/RHSA-2007-0344.html

www.redhat.com/support/errata/RHSA-2007-0353.html

www.redhat.com/support/errata/RHSA-2007-0385.html

www.redhat.com/support/errata/RHSA-2007-0386.html

www.redhat.com/support/errata/RHSA-2007-0401.html

www.redhat.com/support/errata/RHSA-2007-0402.html

www.redhat.com/support/errata/RHSA-2009-1140.html

www.securityfocus.com/archive/1/464477/30/0/threaded

www.securityfocus.com/archive/1/464569/100/0/threaded

www.securityfocus.com/archive/1/470172/100/200/threaded

www.securityfocus.com/archive/1/471455/100/0/threaded

www.securityfocus.com/archive/1/471720/100/0/threaded

www.securityfocus.com/archive/1/471842/100/0/threaded

www.securityfocus.com/bid/23257

www.securitytracker.com/id?1018008

www.trustix.org/errata/2007/0019/

www.trustix.org/errata/2007/0024/

www.ubuntu.com/usn/usn-469-1

www.ubuntu.com/usn/usn-520-1

www.us-cert.gov/cas/techalerts/TA07-151A.html

www.vupen.com/english/advisories/2007/1466

www.vupen.com/english/advisories/2007/1467

www.vupen.com/english/advisories/2007/1468

www.vupen.com/english/advisories/2007/1480

www.vupen.com/english/advisories/2007/1939

www.vupen.com/english/advisories/2007/1994

www.vupen.com/english/advisories/2007/2788

www.vupen.com/english/advisories/2008/0082

issues.rpath.com/browse/RPL-1231

issues.rpath.com/browse/RPL-1232

issues.rpath.com/browse/RPL-1424

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782