CVE-2007-1137

high

Description

putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/32689

http://www.vupen.com/english/advisories/2007/0753

http://www.securityfocus.com/bid/22718

http://secunia.com/advisories/24266

http://putmail.sourceforge.net/home.html

http://osvdb.org/33764

Details

Source: Mitre, NVD

Published: 2007-03-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00278