Vulnerability DatabaseCVE-2007-1558
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-1558
April 16, 2007
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Related Resources (76)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://secunia.com/advisories/25496
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25534
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://www.claws-mail.org/news.php
http://security.gentoo.org/glsa/glsa-200706-06.xml
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1939
http://secunia.com/advisories/25559
http://www.trustix.org/errata/2007/0019/
http://secunia.com/advisories/25894
http://www.vupen.com/english/advisories/2007/1467
http://www.debian.org/security/2007/dsa-1305
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.vupen.com/english/advisories/2007/1480
http://www.redhat.com/support/errata/RHSA-2007-0385.html
https://security-tracker.debian.org/tracker/CVE-2007-1558
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://secunia.com/advisories/25353
http://secunia.com/advisories/25476
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.vupen.com/english/advisories/2007/2788
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://secunia.com/advisories/26415
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.securityfocus.com/archive/1/471455/100/0/threaded
http://www.trustix.org/errata/2007/0024/
https://issues.rpath.com/browse/RPL-1424
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://secunia.com/advisories/25402
http://www.redhat.com/support/errata/RHSA-2007-0402.html
https://issues.rpath.com/browse/RPL-1231
http://www.ubuntu.com/usn/usn-520-1
http://www.securityfocus.com/archive/1/471720/100/0/threaded
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
http://sourceforge.net/forum/forum.php?forum_id=683706
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://www.securityfocus.com/archive/1/464569/100/0/threaded
http://docs.info.apple.com/article.html?artnum=305530
http://secunia.com/advisories/25546
http://sylpheed.sraoss.jp/en/news.html
http://balsa.gnome.org/download.html
http://www.securityfocus.com/archive/1/464477/30/0/threaded
http://www.vupen.com/english/advisories/2007/1994
http://secunia.com/advisories/26083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://www.ubuntu.com/usn/usn-469-1
https://access.redhat.com/security/cve/CVE-2007-1558
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.vupen.com/english/advisories/2008/0082
http://www.vupen.com/english/advisories/2007/1468
http://www.securityfocus.com/bid/23257
http://www.openwall.com/lists/oss-security/2009/08/18/1
http://www.debian.org/security/2007/dsa-1300
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://secunia.com/advisories/35699
https://issues.rpath.com/browse/RPL-1232
http://secunia.com/advisories/25529
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://secunia.com/advisories/25750
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://secunia.com/advisories/25798
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-1558
http://secunia.com/advisories/25858
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://secunia.com/advisories/25664
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
2.6
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
EPSS
Base Score:
13.42