CVE-2007-3754

Published: Sep 27, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

Affected (3)

Products: Apple: Iphone, Iphone Os

Apple

2 products

Iphone

Iphone Os

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone	Version 1.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (16)

http://docs.info.apple.com/article.html?artnum=306586

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html

Source: cve@mitre.org

Patch

http://osvdb.org/38537

Source: cve@mitre.org

http://secunia.com/advisories/26983

Source: cve@mitre.org

http://securitytracker.com/id?1018752

Source: cve@mitre.org

http://www.securityfocus.com/bid/25856

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3287

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36845

Source: cve@mitre.org

http://docs.info.apple.com/article.html?artnum=306586