Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/3126?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3126?format=api", "vulnerability_id": "VCID-n6na-y3zc-eqa2", "summary": "Gaƫtan Leurent informed us of a weakness in APOP\nauthentication that could allow an attacker to recover the first\npart of your mail password if the attacker could interpose\na malicious mail server on your network masquerading as your legitimate\nmail server. With normal settings it could take several hours for\nthe attacker to gather enough data to recover just a few characters\nof the password. This result was presented at the\nFast Software Encryption 2007 conference.In a rump session at the same conference a team from The University of\nElectro-Communications claimed that a variant on the same hash-collision\nattack allowed them to recover a 31 character password.Fixed versions of Thunderbird and SeaMonkey mail prevent this\ntechnique by stricter enforcement of the Message-ID format used\nby APOP.POP mail accounts which do not use any authentication are\ncommon and in the same hypothetical situation the password could\nbe recovered immediately without any special programming on the\nattacker's part.", "aliases": [ { "alias": "CVE-2007-1558" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6371?format=api", "purl": "pkg:deb/debian/balsa@2.3.25-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.25-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6306?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.9~rc2-4%2Blenny2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-4%252Blenny2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6466?format=api", "purl": "pkg:deb/debian/mailfilter@0.8.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.8.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4947?format=api", "purl": "pkg:deb/debian/mutt@1.5.18-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.18-6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1260?format=api", "purl": "pkg:mozilla/SeaMonkey@1.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1261?format=api", "purl": "pkg:mozilla/SeaMonkey@1.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.1.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6365?format=api", "purl": "pkg:deb/debian/balsa@0.4.6.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@0.4.6.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6366?format=api", "purl": "pkg:deb/debian/balsa@0.6.0-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@0.6.0-1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6367?format=api", "purl": "pkg:deb/debian/balsa@1.2.4-2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@1.2.4-2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6368?format=api", "purl": "pkg:deb/debian/balsa@2.3.0-2sarge1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.0-2sarge1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6369?format=api", "purl": "pkg:deb/debian/balsa@2.3.13-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.13-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6370?format=api", "purl": "pkg:deb/debian/balsa@2.3.13-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/balsa@2.3.13-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6299?format=api", "purl": "pkg:deb/debian/fetchmail@4.3.9-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@4.3.9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6300?format=api", "purl": "pkg:deb/debian/fetchmail@4.6.4-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@4.6.4-1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6301?format=api", "purl": "pkg:deb/debian/fetchmail@5.3.3-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@5.3.3-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6302?format=api", "purl": "pkg:deb/debian/fetchmail@5.9.11-6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@5.9.11-6.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/6303?format=api", "purl": "pkg:deb/debian/fetchmail@6.2.5-12sarge5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6305?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1etch3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1etch3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6462?format=api", "purl": "pkg:deb/debian/mailfilter@0.3.3-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.3.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6463?format=api", "purl": "pkg:deb/debian/mailfilter@0.6.2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.6.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/6464?format=api", "purl": "pkg:deb/debian/mailfilter@0.6.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.6.2-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/6465?format=api", "purl": "pkg:deb/debian/mailfilter@0.8.1-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-n6na-y3zc-eqa2" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mailfilter@0.8.1-1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4940?format=api", "purl": "pkg:deb/debian/mutt@0.91.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@0.91.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/4941?format=api", "purl": "pkg:deb/debian/mutt@0.95.3-0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@0.95.3-0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/4942?format=api", "purl": "pkg:deb/debian/mutt@1.2.5-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.2.5-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/4943?format=api", "purl": "pkg:deb/debian/mutt@1.3.28-2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.3.28-2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/4944?format=api", "purl": "pkg:deb/debian/mutt@1.5.9-2sarge2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.9-2sarge2" }, { "url": "http://public2.vulnerablecode.io/api/packages/4945?format=api", "purl": "pkg:deb/debian/mutt@1.5.13-1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.13-1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/4946?format=api", "purl": "pkg:deb/debian/mutt@1.5.13-1.1etch1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-29an-2kma-fuf4" }, { "vulnerability": "VCID-2bm9-4ums-1ydg" }, { "vulnerability": "VCID-3uy8-vqh9-r3hh" }, { "vulnerability": "VCID-5ctn-49r3-nba2" }, { "vulnerability": "VCID-7ta6-tmu9-qkes" }, { "vulnerability": "VCID-8qj4-efgv-cfa1" }, { "vulnerability": "VCID-9e6v-c62e-rfcm" }, { "vulnerability": "VCID-9faq-7ug9-2qfz" }, { "vulnerability": "VCID-d3um-x65k-wkcw" }, { "vulnerability": "VCID-dhda-7ss4-p7fz" }, { "vulnerability": "VCID-f56e-963w-gka8" }, { "vulnerability": "VCID-hf2r-ve96-xfeb" }, { "vulnerability": "VCID-ka9r-zy4r-kfhn" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-paz7-2kzy-hbb3" }, { "vulnerability": "VCID-shkc-6sp1-k3g7" }, { "vulnerability": "VCID-v7r1-m3qa-pke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.13-1.1etch1" } ], "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558", "reference_id": "CVE-2007-1558", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15", "reference_id": "mfsa2007-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15" } ], "weaknesses": [], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6na-y3zc-eqa2" }