Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2007-1558
Description:The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Test IDs: 1.3.6.1.4.1.25623.1.0.58351   1.3.6.1.4.1.25623.1.0.62360   1.3.6.1.4.1.25623.1.0.58860   1.3.6.1.4.1.25623.1.0.65964   1.3.6.1.4.1.25623.1.0.58907   1.3.6.1.4.1.25623.1.0.62469   1.3.6.1.4.1.25623.1.0.59775   1.3.6.1.4.1.25623.1.0.58864   1.3.6.1.4.1.25623.1.0.59693   1.3.6.1.4.1.25623.1.0.62461   1.3.6.1.4.1.25623.1.0.59722   1.3.6.1.4.1.25623.1.0.62458   1.3.6.1.4.1.25623.1.0.58355   1.3.6.1.4.1.25623.1.0.58265   1.3.6.1.4.1.25623.1.0.59659   1.3.6.1.4.1.25623.1.0.58385   1.3.6.1.4.1.25623.1.0.58913   1.3.6.1.4.1.25623.1.0.59655   1.3.6.1.4.1.25623.1.0.58384   1.3.6.1.4.1.25623.1.0.122698   1.3.6.1.4.1.25623.1.0.122685  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-1558
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
BugTraq ID: 23257
http://www.securityfocus.com/bid/23257
Bugtraq: 20070402 APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464477/30/0/threaded
Bugtraq: 20070403 Re: APOP vulnerability (Google Search)
http://www.securityfocus.com/archive/1/464569/100/0/threaded
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471455/100/0/threaded
Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search)
http://www.securityfocus.com/archive/1/471720/100/0/threaded
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061181
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061236
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
RedHat Security Advisories: RHSA-2007:0344
http://www.redhat.com/support/errata/RHSA-2007-0344.html
RedHat Security Advisories: RHSA-2007:0353
http://www.redhat.com/support/errata/RHSA-2007-0353.html
RedHat Security Advisories: RHSA-2007:0385
http://www.redhat.com/support/errata/RHSA-2007-0385.html
RedHat Security Advisories: RHSA-2007:0386
http://www.redhat.com/support/errata/RHSA-2007-0386.html
RedHat Security Advisories: RHSA-2007:0401
http://www.redhat.com/support/errata/RHSA-2007-0401.html
RedHat Security Advisories: RHSA-2007:0402
http://www.redhat.com/support/errata/RHSA-2007-0402.html
RedHat Security Advisories: RHSA-2009:1140
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1018008
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402
http://secunia.com/advisories/25476
http://secunia.com/advisories/25496
http://secunia.com/advisories/25529
http://secunia.com/advisories/25534
http://secunia.com/advisories/25546
http://secunia.com/advisories/25559
http://secunia.com/advisories/25664
http://secunia.com/advisories/25750
http://secunia.com/advisories/25798
http://secunia.com/advisories/25858
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/35699
SGI Security Advisory: 20070602-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082




© 1998-2021 E-Soft Inc. All rights reserved.