Vulnerability Details CVE-2007-1137
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://osvdb.org/33764
- http://putmail.sourceforge.net/home.html
- http://secunia.com/advisories/24266
- http://www.securityfocus.com/bid/22718
- http://www.vupen.com/english/advisories/2007/0753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32689
- http://osvdb.org/33764
- http://putmail.sourceforge.net/home.html
- http://secunia.com/advisories/24266
- http://www.securityfocus.com/bid/22718
- http://www.vupen.com/english/advisories/2007/0753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32689
Products affected by CVE-2007-1137
-
cpe:2.3:a:sourceforge:putmail:.10
-
cpe:2.3:a:sourceforge:putmail:.11
-
cpe:2.3:a:sourceforge:putmail:.12
-
cpe:2.3:a:sourceforge:putmail:.8
-
cpe:2.3:a:sourceforge:putmail:.9
-
cpe:2.3:a:sourceforge:putmail:1.0
-
cpe:2.3:a:sourceforge:putmail:1.1
-
cpe:2.3:a:sourceforge:putmail:1.2
-
cpe:2.3:a:sourceforge:putmail:1.3