Unrated severityNVD Advisory· Published Apr 16, 2007· Updated Jun 16, 2026
CVE-2007-1558
CVE-2007-1558
Description
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/claws-mail&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/fetchmail&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mpop&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mutt&distro=openSUSE%20Tumbleweed
< 4.0.0-2.5+ 3 more
- (no CPE)range: < 4.0.0-2.5
- (no CPE)range: < 6.4.21-2.1
- (no CPE)range: < 1.4.14-1.1
- (no CPE)range: < 2.0.7-2.2
Patches
Vulnerability mechanics
References
73- www.debian.org/security/2007/dsa-1305nvdPatch
- www.mozilla.org/security/announce/2007/mfsa2007-15.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/23257nvdPatch
- secunia.com/advisories/25402nvdVendor Advisory
- secunia.com/advisories/25496nvdVendor Advisory
- secunia.com/advisories/25529nvdVendor Advisory
- secunia.com/advisories/25546nvdVendor Advisory
- www.securityfocus.com/archive/1/464477/30/0/threadednvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA07-151A.htmlnvdUS Government Resource
- patches.sgi.com/support/free/security/advisories/20070602-01-P.ascnvd
- balsa.gnome.org/download.htmlnvd
- docs.info.apple.com/article.htmlnvd
- fetchmail.berlios.de/fetchmail-SA-2007-01.txtnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- lists.apple.com/archives/security-announce/2007/May/msg00004.htmlnvd
- mail.gnome.org/archives/balsa-list/2007-July/msg00000.htmlnvd
- secunia.com/advisories/25353nvd
- secunia.com/advisories/25476nvd
- secunia.com/advisories/25534nvd
- secunia.com/advisories/25559nvd
- secunia.com/advisories/25664nvd
- secunia.com/advisories/25750nvd
- secunia.com/advisories/25798nvd
- secunia.com/advisories/25858nvd
- secunia.com/advisories/25894nvd
- secunia.com/advisories/26083nvd
- secunia.com/advisories/26415nvd
- secunia.com/advisories/35699nvd
- security.gentoo.org/glsa/glsa-200706-06.xmlnvd
- slackware.com/security/viewer.phpnvd
- sourceforge.net/forum/forum.phpnvd
- sylpheed.sraoss.jp/en/news.htmlnvd
- www.claws-mail.org/news.phpnvd
- www.debian.org/security/2007/dsa-1300nvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2007_14_sr.htmlnvd
- www.novell.com/linux/security/advisories/2007_36_mozilla.htmlnvd
- www.openwall.com/lists/oss-security/2009/08/15/1nvd
- www.openwall.com/lists/oss-security/2009/08/18/1nvd
- www.redhat.com/support/errata/RHSA-2007-0344.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0353.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0385.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0386.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0401.htmlnvd
- www.redhat.com/support/errata/RHSA-2007-0402.htmlnvd
- www.redhat.com/support/errata/RHSA-2009-1140.htmlnvd
- www.securityfocus.com/archive/1/464569/100/0/threadednvd
- www.securityfocus.com/archive/1/470172/100/200/threadednvd
- www.securityfocus.com/archive/1/471455/100/0/threadednvd
- www.securityfocus.com/archive/1/471720/100/0/threadednvd
- www.securityfocus.com/archive/1/471842/100/0/threadednvd
- www.securitytracker.com/idnvd
- www.trustix.org/errata/2007/0019/nvd
- www.trustix.org/errata/2007/0024/nvd
- www.ubuntu.com/usn/usn-469-1nvd
- www.ubuntu.com/usn/usn-520-1nvd
- www.vupen.com/english/advisories/2007/1466nvd
- www.vupen.com/english/advisories/2007/1467nvd
- www.vupen.com/english/advisories/2007/1468nvd
- www.vupen.com/english/advisories/2007/1480nvd
- www.vupen.com/english/advisories/2007/1939nvd
- www.vupen.com/english/advisories/2007/1994nvd
- www.vupen.com/english/advisories/2007/2788nvd
- www.vupen.com/english/advisories/2008/0082nvd
- issues.rpath.com/browse/RPL-1231nvd
- issues.rpath.com/browse/RPL-1232nvd
- issues.rpath.com/browse/RPL-1424nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782nvd
News mentions
0No linked articles in our index yet.