Vulnerability Description
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iPhone | 1.0 |
| Apple | iPhone OS | 1.0.1 |
Related Weaknesses (CWE)
References
- http://docs.info.apple.com/article.html?artnum=306586
- http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html (Patch)
- http://osvdb.org/38537
- http://secunia.com/advisories/26983
- http://securitytracker.com/id?1018752
- http://www.securityfocus.com/bid/25856
- http://www.vupen.com/english/advisories/2007/3287
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36845
FAQ
What is CVE-2007-3754?
CVE-2007-3754 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-t...
How severe is CVE-2007-3754?
CVE-2007-3754 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3754?
Check the references section above for vendor advisories and patch information. Affected products include: Apple iPhone, Apple iPhone OS.