7.8
CVE-2006-5867
- EPSS 4.26%
- Veröffentlicht 31.12.2006 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:32:02
- CVE-Watchlists
- Unerledigt
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.26% | 0.898 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
http://secunia.com/advisories/24007
http://secunia.com/advisories/24284
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0018.html
http://docs.info.apple.com/article.html?artnum=305391
http://lists.apple.com/archives/Security-announce/2007/Apr/msg00001.html
http://secunia.com/advisories/24966
http://www.us-cert.gov/cas/techalerts/TA07-109A.html
http://www.vupen.com/english/advisories/2007/1470
http://fedoranews.org/cms/node/2429
http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
http://osvdb.org/31580
http://secunia.com/advisories/23631
http://secunia.com/advisories/23695
http://secunia.com/advisories/23714
http://secunia.com/advisories/23781
http://secunia.com/advisories/23804
http://secunia.com/advisories/23838
http://secunia.com/advisories/23923
http://secunia.com/advisories/24151
http://secunia.com/advisories/24174
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://securitytracker.com/id?1017478
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.debian.org/security/2007/dsa-1259
http://www.mandriva.com/security/advisories?name=MDKSA-2007:016
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://www.securityfocus.com/archive/1/456115/100/0/threaded
http://www.securityfocus.com/archive/1/460528/100/0/threaded
http://www.securityfocus.com/bid/21903
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-405-1
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/0088
https://issues.rpath.com/browse/RPL-919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10566