DEBIAN-CVE-2007-1558

Advisory lineage Upstream: 1 Downstream: 4
Upstream
CVE-2007-1558
Published: 16 Apr 2007, 22:19
Last modified:28 Apr 2026, 20:09

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Apr 2007, 22:19
Published
Vulnerability first disclosed
28 Apr 2026, 20:09
Last Modified
Vulnerability information updated

Description

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Affected Systems

  • debianbalsa

    < 2.3.17-1 | < 2.3.17-1 | < 2.3.17-1 | < 2.3.17-1

  • debianclaws-mail

    < 2.9.1-1 | < 2.9.1-1 | < 2.9.1-1 | < 2.9.1-1

  • debianfetchmail

    < 6.3.8-1 | < 6.3.8-1 | < 6.3.8-1 | < 6.3.8-1

  • debianmailfilter

    < 0.8.2-1 | < 0.8.2-1 | < 0.8.2-1 | < 0.8.2-1

  • debianmutt

    < 1.5.18-6 | < 1.5.18-6 | < 1.5.18-6 | < 1.5.18-6

References (1)