4.3

CVE-2007-3754

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleIphone Version1.0
AppleiPhone OS Version1.0.1
AppleiPhone OS Version1.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.84% 0.762
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://docs.info.apple.com/article.html?artnum=306586
http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
Patch
http://secunia.com/advisories/26983
http://securitytracker.com/id?1018752
http://www.vupen.com/english/advisories/2007/3287
http://osvdb.org/38537
http://www.securityfocus.com/bid/25856
https://exchange.xforce.ibmcloud.com/vulnerabilities/36845