Vulnerability Description
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sourceforge | Putmail | .8 |
References
- http://osvdb.org/33764
- http://putmail.sourceforge.net/home.html
- http://secunia.com/advisories/24266Vendor Advisory
- http://www.securityfocus.com/bid/22718
- http://www.vupen.com/english/advisories/2007/0753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32689
- http://osvdb.org/33764
- http://putmail.sourceforge.net/home.html
- http://secunia.com/advisories/24266Vendor Advisory
- http://www.securityfocus.com/bid/22718
- http://www.vupen.com/english/advisories/2007/0753
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32689
FAQ
What is CVE-2007-1137?
CVE-2007-1137 is a vulnerability with a CVSS score of 5.0 (MEDIUM). putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while th...
How severe is CVE-2007-1137?
CVE-2007-1137 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1137?
Check the references section above for vendor advisories and patch information. Affected products include: Sourceforge Putmail.