Vulnerability Description
The statistics generator in Apache Pony Mail 0.7 through 0.9 returned timestamp data without checking whether the requester was authorized to read the list being queried. On private lists this allows derived information disclosure: a user without access to the list can learn when messages matching a given subject or body text were posted, even though the message content itself is not returned. Because the generator was used primarily as a cache for faster page loads, the fix disables that caching by default. Users of the affected versions should upgrade to 0.10.
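The following is an added example, not code from Apache Pony Mail, illustrating the class of bug the description covers: a statistics endpoint that returns only per-query timestamps but skips the list-visibility check, beside a version that authorizes the caller before consulting either the cache or the message index. The lists, members and messages are constructed sample data, and `StatsService`, `can_read` and `stats_unchecked` are hypothetical names.

```python
"""Added example (not Apache Pony Mail's code): derived data such as
timestamps needs the same authorization check as the message bodies."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    list_id: str
    epoch: int      # Unix time the message was received
    subject: str
    body: str


@dataclass(frozen=True)
class MailingList:
    list_id: str
    private: bool
    members: frozenset = frozenset()


# Constructed sample corpus: one public list, one private list (hypothetical).
LISTS = {
    "dev@example.org": MailingList("dev@example.org", private=False),
    "security@example.org": MailingList("security@example.org", private=True,
                                        members=frozenset({"alice"})),
}
MESSAGES = [
    Message("dev@example.org", 1491004800, "Pony Mail 0.9 released", "Enjoy."),
    Message("security@example.org", 1491091200, "Embargoed report", "details"),
    Message("security@example.org", 1491177600, "Re: Embargoed report", "fix?"),
]


def _matches(m, query):
    q = query.lower()
    return q in m.subject.lower() or q in m.body.lower()


def _timestamps(list_id, query):
    """Derived data only: per-day counts of messages matching `query`.
    No subject or body text leaves this function, yet the result still
    reveals whether, and when, the list discussed `query`."""
    days = Counter(m.epoch // 86400 * 86400
                   for m in MESSAGES
                   if m.list_id == list_id and _matches(m, query))
    return dict(sorted(days.items()))


def stats_unchecked(list_id, query):
    """Vulnerable shape: no authorization, so anyone can probe a private
    list with chosen queries and learn the timing of matching messages."""
    return stats_unchecked_impl(list_id, query)


def stats_unchecked_impl(list_id, query):
    return _timestamps(list_id, query)   # -> {1491091200: 1, 1491177600: 1} for "embargoed"


class StatsService:
    """Hardened shape: authorize first, then cache and compute."""

    def __init__(self):
        self._cache = {}

    def can_read(self, list_id, user):
        ml = LISTS.get(list_id)
        if ml is None:
            return False
        return (not ml.private) or (user is not None and user in ml.members)

    def stats(self, list_id, query, user=None):
        # The check runs before the cache lookup, so a result computed for an
        # authorized caller is never handed to an unauthorized one.
        if not self.can_read(list_id, user):
            raise PermissionError(f"{user!r} may not read {list_id}")
        key = (list_id, query)
        if key not in self._cache:
            self._cache[key] = _timestamps(list_id, query)
        return self._cache[key]


if __name__ == "__main__":
    print("unchecked:", stats_unchecked("security@example.org", "embargoed"))
    svc = StatsService()
    try:
        svc.stats("security@example.org", "embargoed", user="mallory")
    except PermissionError as exc:
        print("denied:", exc)
    print("member:", svc.stats("security@example.org", "embargoed", user="alice"))
```

The point of the ordering in `StatsService.stats` is the caching caveat the advisory hints at: a cache that sits in front of the authorization check turns one legitimate request into a shared, unauthenticated oracle, so either the check precedes the cache lookup or the cache key must include the caller's access scope.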
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Pony Mail | >= 0.7, <= 0.9 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/6a18cf5690d54231836f277f2b4346b53da3b6b6b08
FAQ
What is CVE-2017-5658?
CVE-2017-5658 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists...
How severe is CVE-2017-5658?
CVE-2017-5658 is rated MEDIUM with a CVSS base score of 5.3/10. The disclosure is limited to derived timing information on private lists; message content is not exposed.
Is there a patch for CVE-2017-5658?
Yes. Apache Pony Mail 0.10 addresses the issue by disabling the statistics cache by default; users of 0.7 through 0.9 should upgrade. See the references section above for the vendor announcement.