Lucene search

[email protected]CVE-2007-3209

HistoryJun 14, 2007 - 7:30 p.m.

CVE-2007-3209

2007-06-1419:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3209

mail notification 4.0

with_ssl

unencrypted connections

remote attackers

sensitive information

network sniffing

6.4 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.01 Low

EPSS

Percentile

83.7%

JSON

Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network.

CPENameOperatorVersion
nongnu:mail_notificationnongnu mail notificationeq4.0

CPE	Name	Operator	Version
nongnu:mail_notification	nongnu mail notification	eq	4.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=428157

osvdb.org/37205

secunia.com/advisories/25600

exchange.xforce.ibmcloud.com/vulnerabilities/34814

savannah.nongnu.org/bugs/index.php?20131

6.4 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2007-3209

prion1 debiancve1 ubuntucve1