Search for vulnerabilities
Vulnerability details: VCID-yncr-147p-aaaa
Vulnerability ID VCID-yncr-147p-aaaa
Aliases CVE-2007-1558
Summary The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0344
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0353
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0385
rhas Moderate https://access.redhat.com/errata/RHSA-2007:0386
rhas Critical https://access.redhat.com/errata/RHSA-2007:0401
rhas Critical https://access.redhat.com/errata/RHSA-2007:0402
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1140
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.03612 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.06475 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.0854 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.08844 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.13682 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.42776 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.42776 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.42776 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
epss 0.42776 https://api.first.org/data/v1/epss?cve=CVE-2007-1558
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=241191
cvssv2 2.6 https://nvd.nist.gov/vuln/detail/CVE-2007-1558
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2007-15
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://balsa.gnome.org/download.html
http://docs.info.apple.com/article.html?artnum=305530
http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json
https://api.first.org/data/v1/epss?cve=CVE-2007-1558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558
http://secunia.com/advisories/25353
http://secunia.com/advisories/25402
http://secunia.com/advisories/25476
http://secunia.com/advisories/25496
http://secunia.com/advisories/25529
http://secunia.com/advisories/25534
http://secunia.com/advisories/25546
http://secunia.com/advisories/25559
http://secunia.com/advisories/25664
http://secunia.com/advisories/25750
http://secunia.com/advisories/25798
http://secunia.com/advisories/25858
http://secunia.com/advisories/25894
http://secunia.com/advisories/26083
http://secunia.com/advisories/26415
http://secunia.com/advisories/35699
http://security.gentoo.org/glsa/glsa-200706-06.xml
https://issues.rpath.com/browse/RPL-1231
https://issues.rpath.com/browse/RPL-1232
https://issues.rpath.com/browse/RPL-1424
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
http://sourceforge.net/forum/forum.php?forum_id=683706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782
http://sylpheed.sraoss.jp/en/news.html
http://www.claws-mail.org/news.php
http://www.debian.org/security/2007/dsa-1300
http://www.debian.org/security/2007/dsa-1305
http://www.mandriva.com/security/advisories?name=MDKSA-2007:105
http://www.mandriva.com/security/advisories?name=MDKSA-2007:107
http://www.mandriva.com/security/advisories?name=MDKSA-2007:113
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://www.mozilla.org/security/announce/2007/mfsa2007-15.html
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.openwall.com/lists/oss-security/2009/08/15/1
http://www.openwall.com/lists/oss-security/2009/08/18/1
http://www.redhat.com/support/errata/RHSA-2007-0344.html
http://www.redhat.com/support/errata/RHSA-2007-0353.html
http://www.redhat.com/support/errata/RHSA-2007-0385.html
http://www.redhat.com/support/errata/RHSA-2007-0386.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securityfocus.com/archive/1/464477/30/0/threaded
http://www.securityfocus.com/archive/1/464569/100/0/threaded
http://www.securityfocus.com/archive/1/470172/100/200/threaded
http://www.securityfocus.com/archive/1/471455/100/0/threaded
http://www.securityfocus.com/archive/1/471720/100/0/threaded
http://www.securityfocus.com/archive/1/471842/100/0/threaded
http://www.securityfocus.com/bid/23257
http://www.securitytracker.com/id?1018008
http://www.trustix.org/errata/2007/0019/
http://www.trustix.org/errata/2007/0024/
http://www.ubuntu.com/usn/usn-469-1
http://www.ubuntu.com/usn/usn-520-1
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
http://www.vupen.com/english/advisories/2007/1466
http://www.vupen.com/english/advisories/2007/1467
http://www.vupen.com/english/advisories/2007/1468
http://www.vupen.com/english/advisories/2007/1480
http://www.vupen.com/english/advisories/2007/1939
http://www.vupen.com/english/advisories/2007/1994
http://www.vupen.com/english/advisories/2007/2788
http://www.vupen.com/english/advisories/2008/0082
241191 https://bugzilla.redhat.com/show_bug.cgi?id=241191
cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*
CVE-2007-1558 https://nvd.nist.gov/vuln/detail/CVE-2007-1558
GLSA-200706-06 https://security.gentoo.org/glsa/200706-06
mfsa2007-15 https://www.mozilla.org/en-US/security/advisories/mfsa2007-15
RHSA-2007:0344 https://access.redhat.com/errata/RHSA-2007:0344
RHSA-2007:0353 https://access.redhat.com/errata/RHSA-2007:0353
RHSA-2007:0385 https://access.redhat.com/errata/RHSA-2007:0385
RHSA-2007:0386 https://access.redhat.com/errata/RHSA-2007:0386
RHSA-2007:0401 https://access.redhat.com/errata/RHSA-2007:0401
RHSA-2007:0402 https://access.redhat.com/errata/RHSA-2007:0402
RHSA-2009:1140 https://access.redhat.com/errata/RHSA-2009:1140
USN-469-1 https://usn.ubuntu.com/469-1/
USN-520-1 https://usn.ubuntu.com/520-1/
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1558
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87212
EPSS Score 0.03612
Published At June 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.