CVE-2007-1558

EPSS 2.42%
Veröffentlicht 16.04.2007 22:19:00
Zuletzt bearbeitet 16.06.2026 22:37:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions.  NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 76

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apop Protocol ≫ Apop Protocol

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.42%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

http://secunia.com/advisories/25894

http://docs.info.apple.com/article.html?artnum=305530

http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

http://secunia.com/advisories/25402

Vendor Advisory

http://www.vupen.com/english/advisories/2007/1939

http://secunia.com/advisories/26083

http://www.novell.com/linux/security/advisories/2007_14_sr.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

http://secunia.com/advisories/25529

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-0386.html

http://secunia.com/advisories/25476

http://secunia.com/advisories/25858

http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

http://www.redhat.com/support/errata/RHSA-2007-0402.html

http://www.securityfocus.com/archive/1/470172/100/200/threaded

https://issues.rpath.com/browse/RPL-1424

http://balsa.gnome.org/download.html

http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html

http://secunia.com/advisories/25353

http://secunia.com/advisories/25496

Vendor Advisory

http://secunia.com/advisories/25534

http://secunia.com/advisories/25546

Vendor Advisory

http://secunia.com/advisories/25559

http://secunia.com/advisories/25664

http://secunia.com/advisories/25750

http://secunia.com/advisories/25798

http://secunia.com/advisories/26415

http://secunia.com/advisories/35699

http://security.gentoo.org/glsa/glsa-200706-06.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

http://sourceforge.net/forum/forum.php?forum_id=683706

http://sylpheed.sraoss.jp/en/news.html

http://www.claws-mail.org/news.php

http://www.debian.org/security/2007/dsa-1300

http://www.debian.org/security/2007/dsa-1305

Patch

http://www.mandriva.com/security/advisories?name=MDKSA-2007:105

http://www.mandriva.com/security/advisories?name=MDKSA-2007:107

http://www.mandriva.com/security/advisories?name=MDKSA-2007:113

http://www.mandriva.com/security/advisories?name=MDKSA-2007:119

http://www.mandriva.com/security/advisories?name=MDKSA-2007:131

http://www.mozilla.org/security/announce/2007/mfsa2007-15.html

Patch

Vendor Advisory

http://www.openwall.com/lists/oss-security/2009/08/15/1

http://www.openwall.com/lists/oss-security/2009/08/18/1

http://www.redhat.com/support/errata/RHSA-2007-0344.html

http://www.redhat.com/support/errata/RHSA-2007-0353.html

http://www.redhat.com/support/errata/RHSA-2007-0385.html

http://www.redhat.com/support/errata/RHSA-2007-0401.html

http://www.redhat.com/support/errata/RHSA-2009-1140.html

http://www.securityfocus.com/archive/1/464477/30/0/threaded

Vendor Advisory

http://www.securityfocus.com/archive/1/464569/100/0/threaded

http://www.securityfocus.com/archive/1/471455/100/0/threaded

http://www.securityfocus.com/archive/1/471720/100/0/threaded

http://www.securityfocus.com/archive/1/471842/100/0/threaded

http://www.securityfocus.com/bid/23257

Patch

http://www.securitytracker.com/id?1018008

http://www.trustix.org/errata/2007/0019/

http://www.trustix.org/errata/2007/0024/

http://www.ubuntu.com/usn/usn-469-1

http://www.ubuntu.com/usn/usn-520-1

http://www.us-cert.gov/cas/techalerts/TA07-151A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/1466

http://www.vupen.com/english/advisories/2007/1467

http://www.vupen.com/english/advisories/2007/1468

http://www.vupen.com/english/advisories/2007/1480

http://www.vupen.com/english/advisories/2007/1994

http://www.vupen.com/english/advisories/2007/2788

http://www.vupen.com/english/advisories/2008/0082

https://issues.rpath.com/browse/RPL-1231

https://issues.rpath.com/browse/RPL-1232

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782

https://nvd.nist.gov/vuln/detail/CVE-2007-1558

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1558

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1558

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-1558