CVE-2017-5658

Name: CVE-2017-5658
Creator: NVD / NIST
Published: 2018-10-04T14:29:00.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.82%

Last modified Jun 17, 2026

CVE-2017-5658 is a vulnerability of currently unknown severity. The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. EPSS estimates a 1.82% chance of exploitation in the next 30 days.

Description

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.

Metrics

EPSS Probability

1.82%

76.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Apache	Pony Mail	>= 0.7, <= 0.9

References

Timeline

Published: Oct 4, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-5658?

How severe is CVE-2017-5658?

Severity scoring for CVE-2017-5658 is pending analysis. The EPSS model estimates a 1.82% probability of exploitation in the next 30 days.

How do I fix CVE-2017-5658?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-5658?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST