Home > Vulnerability Database > CVE-2007-1558

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-1558

Date: April 16, 2007

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Severity Score

3.7

Related Resources (78)

Url: http://www.redhat.com/support/errata/RHSA-2009-1140.html

Url: http://www.securityfocus.com/archive/1/471842/100/0/threaded

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-1558

Url: http://lists.apple.com/archives/security-announce/2007/May/msg00004.html

Url: https://access.redhat.com/security/cve/CVE-2007-1558

Url: http://www.redhat.com/support/errata/RHSA-2007-0385.html

Url: http://www.novell.com/linux/security/advisories/2007_36_mozilla.html

Url: http://www.securitytracker.com/id?1018008

Url: http://www.openwall.com/lists/oss-security/2009/08/18/1

Url: http://www.redhat.com/support/errata/RHSA-2007-0401.html

Url: http://www.vupen.com/english/advisories/2007/1466

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:107

Url: http://www.trustix.org/errata/2007/0019/

Url: http://sourceforge.net/forum/forum.php?forum_id=683706

Url: http://www.claws-mail.org/news.php

Url: http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt

Url: http://www.vupen.com/english/advisories/2007/2788

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:113

Url: http://secunia.com/advisories/25858

Url: http://www.ubuntu.com/usn/usn-520-1

Url: http://www.novell.com/linux/security/advisories/2007_14_sr.html

Url: http://secunia.com/advisories/25496

Url: http://www.vupen.com/english/advisories/2007/1939

Url: http://www.securityfocus.com/archive/1/471455/100/0/threaded

Url: http://www.securityfocus.com/archive/1/470172/100/200/threaded

Url: http://secunia.com/advisories/25534

Url: http://secunia.com/advisories/25894

Url: http://secunia.com/advisories/26083

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

Url: http://secunia.com/advisories/35699

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

Url: http://www.trustix.org/errata/2007/0024/

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:119

Url: http://www.redhat.com/support/errata/RHSA-2007-0344.html

Url: http://secunia.com/advisories/25546

Url: http://www.openwall.com/lists/oss-security/2009/08/15/1

Url: http://sylpheed.sraoss.jp/en/news.html

Url: http://www.securityfocus.com/archive/1/464569/100/0/threaded

Url: http://www.securityfocus.com/archive/1/471720/100/0/threaded

Url: https://security-tracker.debian.org/tracker/CVE-2007-1558

Url: http://www.redhat.com/support/errata/RHSA-2007-0402.html

Url: http://secunia.com/advisories/25664

Url: http://www.debian.org/security/2007/dsa-1305

Url: http://www.vupen.com/english/advisories/2007/1480

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-1558

Url: https://issues.rpath.com/browse/RPL-1424

Url: http://www.debian.org/security/2007/dsa-1300

Url: http://balsa.gnome.org/download.html

Url: http://secunia.com/advisories/25559

Url: http://www.vupen.com/english/advisories/2008/0082

Url: http://www.mozilla.org/security/announce/2007/mfsa2007-15.html

Url: http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html

Url: http://secunia.com/advisories/25353

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:131

Url: http://secunia.com/advisories/25750

Url: http://secunia.com/advisories/25798

Url: http://www.ubuntu.com/usn/usn-469-1

Url: http://secunia.com/advisories/25476

Url: http://www.redhat.com/support/errata/RHSA-2007-0353.html

Url: http://www.securityfocus.com/bid/23257

Url: ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

Url: http://docs.info.apple.com/article.html?artnum=305530

Url: https://issues.rpath.com/browse/RPL-1231

Url: http://www.vupen.com/english/advisories/2007/1994

Url: https://issues.rpath.com/browse/RPL-1232

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:105

Url: http://www.securityfocus.com/archive/1/464477/30/0/threaded

Url: http://www.vupen.com/english/advisories/2007/1467

Url: http://www.redhat.com/support/errata/RHSA-2007-0386.html

Url: http://www.vupen.com/english/advisories/2007/1468

Url: http://secunia.com/advisories/26415

Url: http://secunia.com/advisories/25529

Url: http://security.gentoo.org/glsa/glsa-200706-06.xml

Url: http://www.us-cert.gov/cas/techalerts/TA07-151A.html

Url: http://secunia.com/advisories/25402

Url: https://www.mend.io/vulnerability-database/CVE-2007-1558

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us