Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15705

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.

Published

2018-09-17T14:29:00.293

Last Modified

2024-11-21T03:15:02.343

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	spamassassin	< 3.4.2	Yes
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_eus	7.5	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html ([email protected])
http://www.securityfocus.com/bid/105347 Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2018:2916 Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E ([email protected])
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201812-07 ([email protected])
https://usn.ubuntu.com/3811-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3811-2/ Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105347 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2018:2916 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201812-07 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3811-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3811-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)