Lucene search

Veracode Vulnerability DatabaseVERACODE:23058

HistoryApr 10, 2020 - 12:14 a.m.

Information Disclosure

2020-04-1000:14:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

fetchmail is vulnerable to information disclosure. A flaw was found in the way fetchmail processed certain APOP authentication requests. By sending certain responses when fetchmail attempted to authenticate against an APOP server, a remote attacker could potentially acquire certain portions of a user’s authentication credentials.

CPENameOperatorVersion
fetchmaileq6.2.5__6.el4.2
fetchmaileq6.2.5__6.el4.5
fetchmaileq6.3.6__1.el5
mutteq1.4.1__11.rhel4
mutteq1.4.1__3.5.rhel3
mutteq1.4.1__12.el4
mutteq1.4.2.2__3.el5
evolution-data-servereq1.8.0__15.0.2.el5
evolution-data-servereq1.8.0__15.el5
evolutioneq1.4.5__19.el3

Name	Operator	Version
fetchmail	eq	6.2.5__6.el4.2
fetchmail	eq	6.2.5__6.el4.5
fetchmail	eq	6.3.6__1.el5
mutt	eq	1.4.1__11.rhel4
mutt	eq	1.4.1__3.5.rhel3
mutt	eq	1.4.1__12.el4
mutt	eq	1.4.2.2__3.el5
evolution-data-server	eq	1.8.0__15.0.2.el5
evolution-data-server	eq	1.8.0__15.el5
evolution	eq	1.4.5__19.el3

Rows per page:

1-10 of 841

References

balsa.gnome.org/download.html

docs.info.apple.com/article.html?artnum=305530

fetchmail.berlios.de/fetchmail-SA-2007-01.txt

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579

lists.apple.com/archives/security-announce/2007/May/msg00004.html

mail.gnome.org/archives/balsa-list/2007-July/msg00000.html

secunia.com/advisories/25353

secunia.com/advisories/25402

secunia.com/advisories/25476

secunia.com/advisories/25496

secunia.com/advisories/25529

secunia.com/advisories/25534

secunia.com/advisories/25546

secunia.com/advisories/25559

secunia.com/advisories/25664

secunia.com/advisories/25750

secunia.com/advisories/25798

secunia.com/advisories/25858

secunia.com/advisories/25894

secunia.com/advisories/26083

secunia.com/advisories/26415

secunia.com/advisories/35699

security.gentoo.org/glsa/glsa-200706-06.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857

sourceforge.net/forum/forum.php?forum_id=683706

sylpheed.sraoss.jp/en/news.html

www.claws-mail.org/news.php

www.debian.org/security/2007/dsa-1300

www.debian.org/security/2007/dsa-1305

www.mandriva.com/security/advisories?name=MDKSA-2007:105

www.mandriva.com/security/advisories?name=MDKSA-2007:107

www.mandriva.com/security/advisories?name=MDKSA-2007:113

www.mandriva.com/security/advisories?name=MDKSA-2007:119

www.mandriva.com/security/advisories?name=MDKSA-2007:131

www.mozilla.org/security/announce/2007/mfsa2007-15.html

www.novell.com/linux/security/advisories/2007_14_sr.html

www.novell.com/linux/security/advisories/2007_36_mozilla.html

www.openwall.com/lists/oss-security/2009/08/15/1

www.openwall.com/lists/oss-security/2009/08/18/1

www.redhat.com/security/updates/classification/#moderate

www.redhat.com/support/errata/RHSA-2007-0344.html

www.redhat.com/support/errata/RHSA-2007-0353.html

www.redhat.com/support/errata/RHSA-2007-0385.html

www.redhat.com/support/errata/RHSA-2007-0386.html

www.redhat.com/support/errata/RHSA-2007-0401.html

www.redhat.com/support/errata/RHSA-2007-0402.html

www.redhat.com/support/errata/RHSA-2009-1140.html

www.securityfocus.com/archive/1/464477/30/0/threaded

www.securityfocus.com/archive/1/464569/100/0/threaded

www.securityfocus.com/archive/1/470172/100/200/threaded

www.securityfocus.com/archive/1/471455/100/0/threaded

www.securityfocus.com/archive/1/471720/100/0/threaded

www.securityfocus.com/archive/1/471842/100/0/threaded

www.securityfocus.com/bid/23257

www.securitytracker.com/id?1018008

www.trustix.org/errata/2007/0019/

www.trustix.org/errata/2007/0024/

www.ubuntu.com/usn/usn-469-1

www.ubuntu.com/usn/usn-520-1

www.us-cert.gov/cas/techalerts/TA07-151A.html

www.vupen.com/english/advisories/2007/1466

www.vupen.com/english/advisories/2007/1467

www.vupen.com/english/advisories/2007/1468

www.vupen.com/english/advisories/2007/1480

www.vupen.com/english/advisories/2007/1939

www.vupen.com/english/advisories/2007/1994

www.vupen.com/english/advisories/2007/2788

www.vupen.com/english/advisories/2008/0082

access.redhat.com/errata/RHSA-2007:0385

issues.rpath.com/browse/RPL-1231

issues.rpath.com/browse/RPL-1232

issues.rpath.com/browse/RPL-1424

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:23058