Vulnerability Name:

CVE-2007-3754 (CCN-36845)

Assigned:2007-09-27
Published:2007-09-27
Updated:2022-08-09
Summary:Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-287
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2007-3754

Source: CCN
Type: Apple Web site
About the security content of the iPhone 1.1.1 Update

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306586

Source: APPLE
Type: Patch
APPLE-SA-2007-09-27

Source: OSVDB
Type: UNKNOWN
38537

Source: CCN
Type: SA26983
Apple iPhone Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26983

Source: CCN
Type: SECTRACK ID: 1018752
Apple iPhone Bugs Let Remote Users Dial Phone Numbers, Execute Arbitrary Code, and Conduct Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1018752

Source: CCN
Type: OSVDB ID: 38537
Apple iPhone Mail with SSL MiTM Weakness

Source: BID
Type: UNKNOWN
25856

Source: CCN
Type: BID-25856
Apple iPhone 1.1.1 Mail Information Disclosure Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3287

Source: XF
Type: UNKNOWN
iphone-mail-information-disclosure(36845)


Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:apple:iphone_os:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    apple iphone os 1.0.2
    apple iphone 1.0
    apple iphone os 1.0.1
    apple iphone 1.0
    apple iphone 1.0.1
    apple iphone 1.0.2
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    microsoft windows vista *
    apple mac os x 10.4.9
    apple mac os x 10.4.10
    apple mac os x server 10.4.10