Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2007-1558

Published: Apr 16, 2007 | Modified: Apr 09, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
2.6 MODERATE
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-1558
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.

Affected Software

NameVendorStart VersionEnd Version
Apop_protocolApop_protocol**
Red Hat Enterprise Linux 2.1RedHatfetchmail-0:5.9.0-21.7.3.el2.1.6*
Red Hat Enterprise Linux 2.1RedHatseamonkey-0:1.0.9-0.1.el2*
Red Hat Enterprise Linux 3RedHatevolution-0:1.4.5-20.el3*
Red Hat Enterprise Linux 3RedHatfetchmail-0:6.2.0-3.el3.4*
Red Hat Enterprise Linux 3RedHatmutt-5:1.4.1-5.el3*
Red Hat Enterprise Linux 3RedHatseamonkey-0:1.0.9-0.1.el3*
Red Hat Enterprise Linux 4RedHatevolution-0:2.0.2-35.0.2.el4*
Red Hat Enterprise Linux 4RedHatfetchmail-0:6.2.5-6.0.1.el4*
Red Hat Enterprise Linux 4RedHatmutt-5:1.4.1-12.0.3.el4*
Red Hat Enterprise Linux 4RedHatthunderbird-0:1.5.0.12-0.1.el4*
Red Hat Enterprise Linux 4RedHatdevhelp-0:0.10-0.8.el4*
Red Hat Enterprise Linux 4RedHatseamonkey-0:1.0.9-2.el4*
Red Hat Enterprise Linux 4RedHatruby-0:1.8.1-7.el4_8.3*
Red Hat Enterprise Linux 5RedHatevolution-data-server-0:1.8.0-15.0.3.el5*
Red Hat Enterprise Linux 5RedHatfetchmail-0:6.3.6-1.0.1.el5*
Red Hat Enterprise Linux 5RedHatmutt-5:1.4.2.2-3.0.2.el5*
Red Hat Enterprise Linux 5RedHatthunderbird-0:1.5.0.12-1.el5*
Red Hat Enterprise Linux 5RedHatruby-0:1.8.5-5.el5_3.7*
FetchmailUbuntudapper*
FetchmailUbuntudevel*
FetchmailUbuntuedgy*
FetchmailUbuntufeisty*
IceapeUbuntudevel*
ImUbuntudapper*
ImUbuntudevel*
ImUbuntuedgy*
ImUbuntufeisty*
MewUbuntudapper*
MewUbuntudevel*
MewUbuntuedgy*
MewUbuntufeisty*
Mew-betaUbuntudapper*
Mew-betaUbuntudevel*
Mew-betaUbuntuedgy*
Mew-betaUbuntufeisty*
Mozilla-thunderbirdUbuntudapper*
Mozilla-thunderbirdUbuntuedgy*
Mozilla-thunderbirdUbuntufeisty*
WlUbuntudapper*
WlUbuntudevel*
WlUbuntuedgy*
WlUbuntufeisty*
Wl-betaUbuntudapper*
Wl-betaUbuntudevel*
Wl-betaUbuntuedgy*
Wl-betaUbuntufeisty*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use