Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0451

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."

Published

2007-02-16T19:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	spamassassin	≤ 3.1.7	Yes
Application	apache	spamassassin	3.0.1	Yes
Application	apache	spamassassin	3.0.2	Yes
Application	apache	spamassassin	3.0.3	Yes
Application	apache	spamassassin	3.0.4	Yes
Application	apache	spamassassin	3.1.0	Yes
Application	apache	spamassassin	3.1.1	Yes
Application	apache	spamassassin	3.1.2	Yes

References

http://fedoranews.org/cms/node/2657 Patch ([email protected])
http://fedoranews.org/cms/node/2659 Patch ([email protected])
http://osvdb.org/33207 ([email protected])
http://rhn.redhat.com/errata/RHSA-2007-0074.html ([email protected])
http://secunia.com/advisories/24197 Vendor Advisory ([email protected])
http://secunia.com/advisories/24200 Vendor Advisory ([email protected])
http://secunia.com/advisories/24250 Vendor Advisory ([email protected])
http://secunia.com/advisories/24256 Vendor Advisory ([email protected])
http://secunia.com/advisories/24265 Vendor Advisory ([email protected])
http://secunia.com/advisories/24307 Vendor Advisory ([email protected])
http://secunia.com/advisories/24889 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200703-02.xml ([email protected])
http://spamassassin.apache.org/advisories/cve-2007-0451.txt ([email protected])
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:049 ([email protected])
http://www.novell.com/linux/security/advisories/2007_6_sr.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0075.html ([email protected])
http://www.securityfocus.com/bid/22584 Patch ([email protected])
http://www.securitytracker.com/id?1017666 ([email protected])
http://www.vupen.com/english/advisories/2007/0628 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32536 ([email protected])
https://issues.rpath.com/browse/RPL-1073 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018 ([email protected])
http://fedoranews.org/cms/node/2657 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://fedoranews.org/cms/node/2659 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/33207 (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2007-0074.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24197 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24200 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24250 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24256 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24265 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24307 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24889 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200703-02.xml (af854a3a-2127-422b-91ae-364da2661108)
http://spamassassin.apache.org/advisories/cve-2007-0451.txt (af854a3a-2127-422b-91ae-364da2661108)
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:049 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_6_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0075.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22584 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1017666 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0628 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32536 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1073 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018 (af854a3a-2127-422b-91ae-364da2661108)