[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-5867Date: (C)2006-12-31   (M)2023-12-22


fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.8
Exploit Score: 10.0
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1017478
2007-0007
http://www.securityfocus.com/archive/1/archive/1/456115/100/0/threaded
20070201-01-P
http://www.securityfocus.com/archive/1/archive/1/460528/100/0/threaded
BID-21903
SECUNIA-23631
SECUNIA-23695
SECUNIA-23714
SECUNIA-23781
SECUNIA-23804
SECUNIA-23838
SECUNIA-23923
SECUNIA-24007
SECUNIA-24151
SECUNIA-24174
SECUNIA-24284
SECUNIA-24966
OSVDB-31580
ADV-2007-0087
ADV-2007-0088
ADV-2007-1470
APPLE-SA-2007-04-19
DSA-1259
FEDORA-2007-041
GLSA-200701-13
MDKSA-2007:016
OpenPKG-SA-2007.004
RHSA-2007:0018
SSA:2007-024-01
SUSE-SR:2007:004
TA07-109A
USN-405-1
http://docs.info.apple.com/article.html?artnum=305391
http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
https://issues.rpath.com/browse/RPL-919

CPE    109
cpe:/a:fetchmail:fetchmail:6.1.0
cpe:/a:fetchmail:fetchmail:6.1.3
cpe:/a:fetchmail:fetchmail:6.2.9:rc10
cpe:/a:fetchmail:fetchmail:4.5.1
...
CWE    1
CWE-20

© SecPod Technologies