Unrated severityNVD Advisory· Published Mar 2, 2007· Updated Apr 23, 2026

CVE-2007-1137

Description

putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.

Affected products

Sourceforge/Putmail9 versions
cpe:2.3:a:sourceforge:putmail:.8:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:sourceforge:putmail:.8:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.9:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.10:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.11:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.12:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24266nvdVendor Advisory
osvdb.org/33764nvd
putmail.sourceforge.net/home.htmlnvd
www.securityfocus.com/bid/22718nvd
www.vupen.com/english/advisories/2007/0753nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32689nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000