CVE-2007-1137
Summary
| CVE | CVE-2007-1137 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-03-02 21:18:00 UTC |
| Updated | 2017-07-29 01:30:00 UTC |
| Description | putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sourceforge | Putmail | .10 | All | All | All |
| Application | Sourceforge | Putmail | .11 | All | All | All |
| Application | Sourceforge | Putmail | .12 | All | All | All |
| Application | Sourceforge | Putmail | .8 | All | All | All |
| Application | Sourceforge | Putmail | .9 | All | All | All |
| Application | Sourceforge | Putmail | 1.0 | All | All | All |
| Application | Sourceforge | Putmail | 1.1 | All | All | All |
| Application | Sourceforge | Putmail | 1.2 | All | All | All |
| Application | Sourceforge | Putmail | 1.3 | All | All | All |
| Application | Sourceforge | Putmail | .10 | All | All | All |
| Application | Sourceforge | Putmail | .11 | All | All | All |
| Application | Sourceforge | Putmail | .12 | All | All | All |
| Application | Sourceforge | Putmail | .8 | All | All | All |
| Application | Sourceforge | Putmail | .9 | All | All | All |
| Application | Sourceforge | Putmail | 1.0 | All | All | All |
| Application | Sourceforge | Putmail | 1.1 | All | All | All |
| Application | Sourceforge | Putmail | 1.2 | All | All | All |
| Application | Sourceforge | Putmail | 1.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Putmail Home | CONFIRM | putmail.sourceforge.net | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Security Advisory SA24266 - Putmail TLS Authentication Security Issue - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| 33764 | OSVDB | osvdb.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Putmail Improper Authentication Weakness | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.