Vulnerability Details : CVE-2007-1137
putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.
Products affected by CVE-2007-1137
- cpe:2.3:a:sourceforge:putmail:.11:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.12:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.8:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.9:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:.10:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:putmail:1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1137
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 53 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1137
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2007-1137
Jump to