All the vulnerabilites related to apache - spamassassin
cve-2006-2447
Vulnerability from cvelistv5
Published
2006-06-06 21:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20482"
},
{
"name": "20060607 rPSA-2006-0096-1 spamassassin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"name": "2006-0034",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "GLSA-200606-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "20692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20692"
},
{
"name": "20566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20566"
},
{
"name": "18290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "20430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "RHSA-2006:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "ADV-2006-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "20531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20531"
},
{
"name": "1016230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "DSA-1090",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "spamassassin-spamd-command-execution(27008)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "20443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20443"
},
{
"name": "1016235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "MDKSA-2006:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "20482",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20482"
},
{
"name": "20060607 rPSA-2006-0096-1 spamassassin",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:9184",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"name": "2006-0034",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"name": "GLSA-200606-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"name": "20692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20692"
},
{
"name": "20566",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20566"
},
{
"name": "18290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"name": "20430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"name": "RHSA-2006:0543",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"name": "ADV-2006-2148",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"name": "20531",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20531"
},
{
"name": "1016230",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016230"
},
{
"name": "DSA-1090",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"name": "spamassassin-spamd-command-execution(27008)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"name": "20443",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20443"
},
{
"name": "1016235",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016235"
},
{
"name": "MDKSA-2006:103",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-2447",
"datePublished": "2006-06-06T21:00:00",
"dateReserved": "2006-05-18T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11805
Vulnerability from cvelistv5
Published
2019-12-12 22:11
Modified
2024-08-05 08:17
Severity ?
EPSS score ?
Summary
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache | Apache SpamAssassin |
Version: Apache SpamAssassin prior to 3.4.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/oss-sec/2019/q4/154"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
},
{
"name": "DSA-4584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "USN-4237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache SpamAssassin prior to 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-04T20:06:03",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/oss-sec/2019/q4/154"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
},
{
"name": "DSA-4584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "USN-4237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "Apache SpamAssassin prior to 3.4.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5@%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18@%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433@%3Cannounce.apache.org%3E"
},
{
"name": "https://seclists.org/oss-sec/2019/q4/154",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2019/q4/154"
},
{
"name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647",
"refsource": "CONFIRM",
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
},
{
"name": "DSA-4584",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "USN-4237-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e@%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b@%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
},
{
"name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "openSUSE-SU-2020:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11805",
"datePublished": "2019-12-12T22:11:05",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-08-05T08:17:09.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0451
Vulnerability from cvelistv5
Published
2007-02-16 19:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://spamassassin.apache.org/advisories/cve-2007-0451.txt"
},
{
"name": "24200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24200"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1073"
},
{
"name": "24889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24889"
},
{
"name": "MDKSA-2007:049",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:049"
},
{
"name": "24265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24265"
},
{
"name": "FEDORA-2007-241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2659"
},
{
"name": "SUSE-SR:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
},
{
"name": "oval:org.mitre.oval:def:10018",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018"
},
{
"name": "FEDORA-2007-242",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/cms/node/2657"
},
{
"name": "ADV-2007-0628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0628"
},
{
"name": "22584",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22584"
},
{
"name": "24250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24250"
},
{
"name": "1017666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017666"
},
{
"name": "RHSA-2007:0074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0074.html"
},
{
"name": "24256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24256"
},
{
"name": "spamassassin-url-dos(32536)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32536"
},
{
"name": "33207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33207"
},
{
"name": "24197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24197"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt"
},
{
"name": "24307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24307"
},
{
"name": "GLSA-200703-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-02.xml"
},
{
"name": "RHSA-2007:0075",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0075.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers \"massive memory usage.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://spamassassin.apache.org/advisories/cve-2007-0451.txt"
},
{
"name": "24200",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24200"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1073"
},
{
"name": "24889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24889"
},
{
"name": "MDKSA-2007:049",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:049"
},
{
"name": "24265",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24265"
},
{
"name": "FEDORA-2007-241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2659"
},
{
"name": "SUSE-SR:2007:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
},
{
"name": "oval:org.mitre.oval:def:10018",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018"
},
{
"name": "FEDORA-2007-242",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/cms/node/2657"
},
{
"name": "ADV-2007-0628",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0628"
},
{
"name": "22584",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22584"
},
{
"name": "24250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24250"
},
{
"name": "1017666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017666"
},
{
"name": "RHSA-2007:0074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2007-0074.html"
},
{
"name": "24256",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24256"
},
{
"name": "spamassassin-url-dos(32536)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32536"
},
{
"name": "33207",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33207"
},
{
"name": "24197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24197"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt"
},
{
"name": "24307",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24307"
},
{
"name": "GLSA-200703-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-02.xml"
},
{
"name": "RHSA-2007:0075",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0075.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2007-0451",
"datePublished": "2007-02-16T19:00:00",
"dateReserved": "2007-01-23T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12420
Vulnerability from cvelistv5
Published
2019-12-12 22:16
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache | Apache SpamAssassin |
Version: Apache SpamAssassin prior to 3.4.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
},
{
"name": "DSA-4584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "USN-4237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache SpamAssassin prior to 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service via excessive resource utilization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-31T10:06:07",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
},
{
"name": "DSA-4584",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "USN-4237-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "Apache SpamAssassin prior to 3.4.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service via excessive resource utilization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92@%3Cannounce.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b@%3Cdev.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
},
{
"name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de@%3Cannounce.apache.org%3E"
},
{
"name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747",
"refsource": "MISC",
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
},
{
"name": "DSA-4584",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"name": "USN-4237-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"name": "USN-4237-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
},
{
"name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12420",
"datePublished": "2019-12-12T22:16:05",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15705
Vulnerability from cvelistv5
Published
2018-09-17 14:00
Modified
2024-09-16 23:15
Severity ?
EPSS score ?
Summary
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3811-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3811-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201812-07 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:2916 | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/105347 | vdb-entry, x_refsource_BID | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: all modern versions before 3.4.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:04:48.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3811-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-2/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "105347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105347"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "all modern versions before 3.4.2"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T20:06:06",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "USN-3811-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-2/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "105347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105347"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-16T00:00:00",
"ID": "CVE-2017-15705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "all modern versions before 3.4.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3811-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-2/"
},
{
"name": "USN-3811-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "105347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105347"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-15705",
"datePublished": "2018-09-17T14:00:00Z",
"dateReserved": "2017-10-21T00:00:00",
"dateUpdated": "2024-09-16T23:15:46.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11781
Vulnerability from cvelistv5
Published
2018-09-17 14:00
Modified
2024-09-16 18:48
Severity ?
EPSS score ?
Summary
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3811-3/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3811-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201812-07 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2018:2916 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: before 3.4.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3811-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "before 3.4.2"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T20:06:06",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "USN-3811-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-16T00:00:00",
"ID": "CVE-2018-11781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "before 3.4.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3811-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "GLSA-201812-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name": "RHSA-2018:2916",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11781",
"datePublished": "2018-09-17T14:00:00Z",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-09-16T18:48:23.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1931
Vulnerability from cvelistv5
Published
2020-01-30 17:38
Modified
2024-08-04 06:53
Severity ?
EPSS score ?
Summary
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4615 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2020/Feb/1 | mailing-list, x_refsource_BUGTRAQ | |
| https://usn.ubuntu.com/4265-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/4265-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: prior to 3.4.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784"
},
{
"name": "DSA-4615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local \u0026 Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-04T20:06:04",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784"
},
{
"name": "DSA-4615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "prior to 3.4.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local \u0026 Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784",
"refsource": "CONFIRM",
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784"
},
{
"name": "DSA-4615",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1931",
"datePublished": "2020-01-30T17:38:42",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1266
Vulnerability from cvelistv5
Published
2005-06-22 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/13978 | vdb-entry, x_refsource_BID | |
| http://bugs.gentoo.org/show_bug.cgi?id=94722 | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-736 | vendor-advisory, x_refsource_DEBIAN | |
| http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e | mailing-list, x_refsource_MLIST | |
| http://security.gentoo.org/glsa/glsa-200506-17.xml | vendor-advisory, x_refsource_GENTOO | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901 | vdb-entry, signature, x_refsource_OVAL | |
| http://www.redhat.com/support/errata/RHSA-2005-498.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:106 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:06.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html"
},
{
"name": "13978",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13978"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94722"
},
{
"name": "DSA-736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-736"
},
{
"name": "[spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e"
},
{
"name": "GLSA-200506-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200506-17.xml"
},
{
"name": "oval:org.mitre.oval:def:10901",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901"
},
{
"name": "RHSA-2005:498",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-498.html"
},
{
"name": "MDKSA-2005:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:106"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html"
},
{
"name": "13978",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13978"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94722"
},
{
"name": "DSA-736",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-736"
},
{
"name": "[spamassassin-announce] 20050615 Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e"
},
{
"name": "GLSA-200506-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200506-17.xml"
},
{
"name": "oval:org.mitre.oval:def:10901",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901"
},
{
"name": "RHSA-2005:498",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-498.html"
},
{
"name": "MDKSA-2005:106",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:106"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-1266",
"datePublished": "2005-06-22T04:00:00",
"dateReserved": "2005-04-25T00:00:00",
"dateUpdated": "2024-08-07T21:44:06.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-11780
Vulnerability from cvelistv5
Published
2018-09-17 14:00
Modified
2024-09-16 20:57
Severity ?
EPSS score ?
Summary
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3811-3/ | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3811-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/105373 | vdb-entry, x_refsource_BID | |
| https://security.gentoo.org/glsa/201812-07 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: before 3.4.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:17:09.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3811-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "105373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105373"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "before 3.4.2"
}
]
}
],
"datePublic": "2018-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T20:06:06",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "USN-3811-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "105373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105373"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-16T00:00:00",
"ID": "CVE-2018-11780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "before 3.4.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3811-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"name": "USN-3811-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"name": "105373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105373"
},
{
"name": "GLSA-201812-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "openSUSE-SU-2019:1831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-11780",
"datePublished": "2018-09-17T14:00:00Z",
"dateReserved": "2018-06-05T00:00:00",
"dateUpdated": "2024-09-16T20:57:28.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1238
Vulnerability from cvelistv5
Published
2016-08-02 14:00
Modified
2024-08-05 22:48
Severity ?
EPSS score ?
Summary
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201701-75",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-75"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab"
},
{
"name": "1036440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036440"
},
{
"name": "DSA-3628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3628"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "FEDORA-2016-6ec2009080",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/"
},
{
"name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html"
},
{
"name": "FEDORA-2016-e9e5c081d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"name": "FEDORA-2016-dd20a4631a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/"
},
{
"name": "92136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92136"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T20:06:06",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "GLSA-201701-75",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-75"
},
{
"name": "GLSA-201812-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab"
},
{
"name": "1036440",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036440"
},
{
"name": "DSA-3628",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3628"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"name": "FEDORA-2016-6ec2009080",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/"
},
{
"name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html"
},
{
"name": "FEDORA-2016-e9e5c081d4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"name": "FEDORA-2016-dd20a4631a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/"
},
{
"name": "92136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92136"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834"
},
{
"name": "openSUSE-SU-2019:1831",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-1238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-75",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-75"
},
{
"name": "GLSA-201812-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"name": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab",
"refsource": "CONFIRM",
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab"
},
{
"name": "1036440",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036440"
},
{
"name": "DSA-3628",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3628"
},
{
"name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
},
{
"name": "FEDORA-2016-6ec2009080",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/"
},
{
"name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw",
"refsource": "MLIST",
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html"
},
{
"name": "FEDORA-2016-e9e5c081d4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"name": "FEDORA-2016-dd20a4631a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/"
},
{
"name": "92136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92136"
},
{
"name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=127834",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834"
},
{
"name": "openSUSE-SU-2019:1831",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-1238",
"datePublished": "2016-08-02T14:00:00",
"dateReserved": "2015-12-27T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1930
Vulnerability from cvelistv5
Published
2020-01-30 17:42
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: prior to 3.4.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.374Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"name": "DSA-4615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "prior to 3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Local \u0026 Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-04T20:06:05",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"name": "DSA-4615",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_value": "prior to 3.4.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local \u0026 Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648",
"refsource": "CONFIRM",
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648"
},
{
"name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E"
},
{
"name": "DSA-4615",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"name": "20200203 [SECURITY] [DSA 4615-1] spamassassin security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"name": "USN-4265-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"name": "USN-4265-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"name": "FEDORA-2020-24dac7d890",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"name": "FEDORA-2020-bd20036cdc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2107-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"name": "openSUSE-SU-2020:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1930",
"datePublished": "2020-01-30T17:42:38",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1946
Vulnerability from cvelistv5
Published
2021-03-25 09:20
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
References
| ▼ | URL | Tags |
|---|---|---|
| https://s.apache.org/3r1wh | x_refsource_MISC | |
| https://www.debian.org/security/2021/dsa-4879 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202105-26 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache SpamAssassin |
Version: Apache SpamAssassin < 3.4.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://s.apache.org/3r1wh"
},
{
"name": "DSA-4879",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4879"
},
{
"name": "FEDORA-2021-bf06dcffa8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/"
},
{
"name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
},
{
"name": "FEDORA-2021-90e915cc4f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/"
},
{
"name": "FEDORA-2021-5a4377797c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/"
},
{
"name": "GLSA-202105-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SpamAssassin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.4.5",
"status": "affected",
"version": "Apache SpamAssassin",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache SpamAssassin would like to thank Damian Lukowski at credativ for ethically reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T11:08:51",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://s.apache.org/3r1wh"
},
{
"name": "DSA-4879",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4879"
},
{
"name": "FEDORA-2021-bf06dcffa8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/"
},
{
"name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2615-1] spamassassin security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
},
{
"name": "FEDORA-2021-90e915cc4f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/"
},
{
"name": "FEDORA-2021-5a4377797c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/"
},
{
"name": "GLSA-202105-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-26"
}
],
"source": {
"defect": [
"https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793"
],
"discovery": "UNKNOWN"
},
"title": "Apache SpamAssassin has an OS Command Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-1946",
"STATE": "PUBLIC",
"TITLE": "Apache SpamAssassin has an OS Command Injection vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SpamAssassin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache SpamAssassin",
"version_value": "3.4.5"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache SpamAssassin would like to thank Damian Lukowski at credativ for ethically reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://s.apache.org/3r1wh",
"refsource": "MISC",
"url": "https://s.apache.org/3r1wh"
},
{
"name": "DSA-4879",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4879"
},
{
"name": "FEDORA-2021-bf06dcffa8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/"
},
{
"name": "[debian-lts-announce] 20210401 [SECURITY] [DLA 2615-1] spamassassin security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
},
{
"name": "FEDORA-2021-90e915cc4f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/"
},
{
"name": "FEDORA-2021-5a4377797c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/"
},
{
"name": "GLSA-202105-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-26"
}
]
},
"source": {
"defect": [
"https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-1946",
"datePublished": "2021-03-25T09:20:11",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3351
Vulnerability from cvelistv5
Published
2005-11-20 21:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "spamassassin-message-recipients-dos(23048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23048"
},
{
"name": "17518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17518/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17666/"
},
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17626/"
},
{
"name": "19158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19158"
},
{
"name": "17386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17386/"
},
{
"name": "15373",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15373"
},
{
"name": "FEDORA-2005-1065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lwn.net/Alerts/159300/"
},
{
"name": "[spamassassin-devel] 20051101 [Bug 4570] Mail with lots of To addresses in header triggers Bus error in Perl [CVE-2005-3351]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.gossamer-threads.com/lists/spamassassin/devel/62649"
},
{
"name": "oval:org.mitre.oval:def:11125",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11125"
},
{
"name": "RHSA-2006:0129",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0129.html"
},
{
"name": "MDKSA-2005:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:221"
},
{
"name": "ADV-2005-2364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2364"
},
{
"name": "11581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/11581"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17877"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients (\"To\" addresses), which triggers a bus error in Perl."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "spamassassin-message-recipients-dos(23048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23048"
},
{
"name": "17518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17518/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570"
},
{
"name": "17666",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17666/"
},
{
"name": "17626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17626/"
},
{
"name": "19158",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19158"
},
{
"name": "17386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17386/"
},
{
"name": "15373",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15373"
},
{
"name": "FEDORA-2005-1065",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lwn.net/Alerts/159300/"
},
{
"name": "[spamassassin-devel] 20051101 [Bug 4570] Mail with lots of To addresses in header triggers Bus error in Perl [CVE-2005-3351]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.gossamer-threads.com/lists/spamassassin/devel/62649"
},
{
"name": "oval:org.mitre.oval:def:11125",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11125"
},
{
"name": "RHSA-2006:0129",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0129.html"
},
{
"name": "MDKSA-2005:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:221"
},
{
"name": "ADV-2005-2364",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2364"
},
{
"name": "11581",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/11581"
},
{
"name": "SUSE-SR:2005:027",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17877"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3351",
"datePublished": "2005-11-20T21:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2007-02-16 19:28
Modified
2024-11-21 00:25
Severity ?
Summary
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| apache | spamassassin | 3.0.1 | |
| apache | spamassassin | 3.0.2 | |
| apache | spamassassin | 3.0.3 | |
| apache | spamassassin | 3.0.4 | |
| apache | spamassassin | 3.1.0 | |
| apache | spamassassin | 3.1.1 | |
| apache | spamassassin | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "220BF044-C014-428F-A166-799D59E79581",
"versionEndIncluding": "3.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C070003F-04FC-428B-9569-F4D33932BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65BD8410-D228-4851-850F-1045F8CA5C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E575B18E-C18F-410B-B271-FF4D892BF4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B57B2CB-C29B-4385-ABA9-59E51A16F5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED86528-F90B-45FA-B21F-8D572C77A4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC8292-C195-4966-B980-FF0D9A10053D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "547BE8A6-DAF3-40CE-BCD0-692250F9121B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers \"massive memory usage.\""
},
{
"lang": "es",
"value": "Apache SpamAssassin versiones anteriores a 3.1.8, permite a atacantes remotos causar una denegaci\u00f3n de servicio por medio de URLs largas en HTML malformado, que desencadena un \"massive memory usage\u201d"
}
],
"evaluatorSolution": "Upgrade to SpamAssassin version 3.1.8",
"id": "CVE-2007-0451",
"lastModified": "2024-11-21T00:25:53.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-16T19:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://fedoranews.org/cms/node/2657"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://fedoranews.org/cms/node/2659"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/33207"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0074.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24200"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24250"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24256"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24265"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24307"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24889"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200703-02.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://spamassassin.apache.org/advisories/cve-2007-0451.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:049"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0075.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22584"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1017666"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0628"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32536"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1073"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://fedoranews.org/cms/node/2657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://fedoranews.org/cms/node/2659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://spamassassin.apache.org/advisories/cve-2007-0451.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-17 14:29
Modified
2024-11-21 03:15
Severity ?
Summary
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_eus | 7.5 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future."
},
{
"lang": "es",
"value": "Se ha descubierto una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Apache SpamAssassin en versiones anteriores a la 3.4.2. La vulnerabilidad ocurre con ciertas etiquetas no cerradas en correos electr\u00f3nicos que provocan que las marcas se manejen incorrectamente, lo que conduce al agotamiento del tiempo de escaneo. En Apache SpamAssassin, empleando HTML::Parser, se establece un objeto y se engancha a los manejadores de etiqueta de inicio y final. En ambos casos, el evento \"open\" est\u00e1 inmediatamente seguido por un evento \"close\"; incluso si la etiqueta *no* se cierra en el HTML que se est\u00e1 analizando. Debido a esto, falta que el evento \"text\" gestione el objeto de forma normal. Esto puede provocar que los correos electr\u00f3nicos cuidadosamente manipulados tarden m\u00e1s tiempo en escanearse del planeado, lo que conduce a una denegaci\u00f3n de servicio (DoS). El problema es posiblemente un error o decisi\u00f3n en HTML::Parser que impacta en la forma en la que Apache SpamAssassin emplea el m\u00f3dulo con HTML mal formado. El exploit se ha visto \"in the wild\", pero no se cree que haya sido parte a prop\u00f3sito de un intento de denegaci\u00f3n de servicio (DoS). Se cree que podr\u00edan haber intentos de abusar de la vulnerabilidad en el futuro."
}
],
"id": "CVE-2017-15705",
"lastModified": "2024-11-21T03:15:02.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-17T14:29:00.293",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105347"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-2/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-12 23:15
Modified
2024-11-21 04:22
Severity ?
Summary
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2692E178-CFD6-4ED7-830D-1BFEC16F44D3",
"versionEndExcluding": "3.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
},
{
"lang": "es",
"value": "En Apache SpamAssassin versiones anteriores a 3.4.3, un mensaje puede ser dise\u00f1ado de una forma que use recursos excesivos. La actualizaci\u00f3n recomendada a SA versi\u00f3n 3.4.3 lo antes posible es la soluci\u00f3n recomendada, pero los detalles no ser\u00e1n compartidos p\u00fablicamente."
}
],
"id": "CVE-2019-12420",
"lastModified": "2024-11-21T04:22:48.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T23:15:12.070",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
},
{
"source": "security@apache.org",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-02 14:59
Modified
2024-11-21 02:46
Severity ?
Summary
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| fedoraproject | fedora | 23 | |
| fedoraproject | fedora | 24 | |
| perl | perl | 1.0.15 | |
| perl | perl | 1.0.16 | |
| perl | perl | 5.000 | |
| perl | perl | 5.000o | |
| perl | perl | 5.001 | |
| perl | perl | 5.001n | |
| perl | perl | 5.002 | |
| perl | perl | 5.002_01 | |
| perl | perl | 5.003 | |
| perl | perl | 5.003_01 | |
| perl | perl | 5.003_02 | |
| perl | perl | 5.003_03 | |
| perl | perl | 5.003_04 | |
| perl | perl | 5.003_05 | |
| perl | perl | 5.003_07 | |
| perl | perl | 5.003_08 | |
| perl | perl | 5.003_09 | |
| perl | perl | 5.003_10 | |
| perl | perl | 5.003_11 | |
| perl | perl | 5.003_12 | |
| perl | perl | 5.003_13 | |
| perl | perl | 5.003_14 | |
| perl | perl | 5.003_15 | |
| perl | perl | 5.003_16 | |
| perl | perl | 5.003_17 | |
| perl | perl | 5.003_18 | |
| perl | perl | 5.003_19 | |
| perl | perl | 5.003_20 | |
| perl | perl | 5.003_21 | |
| perl | perl | 5.003_22 | |
| perl | perl | 5.003_23 | |
| perl | perl | 5.003_24 | |
| perl | perl | 5.003_25 | |
| perl | perl | 5.003_26 | |
| perl | perl | 5.003_27 | |
| perl | perl | 5.003_28 | |
| perl | perl | 5.003_90 | |
| perl | perl | 5.003_91 | |
| perl | perl | 5.003_92 | |
| perl | perl | 5.003_93 | |
| perl | perl | 5.003_94 | |
| perl | perl | 5.003_95 | |
| perl | perl | 5.003_96 | |
| perl | perl | 5.003_97 | |
| perl | perl | 5.003_97a | |
| perl | perl | 5.003_97b | |
| perl | perl | 5.003_97c | |
| perl | perl | 5.003_97d | |
| perl | perl | 5.003_97e | |
| perl | perl | 5.003_97f | |
| perl | perl | 5.003_97g | |
| perl | perl | 5.003_97h | |
| perl | perl | 5.003_97i | |
| perl | perl | 5.003_97j | |
| perl | perl | 5.003_98 | |
| perl | perl | 5.003_99 | |
| perl | perl | 5.003_99a | |
| perl | perl | 5.004 | |
| perl | perl | 5.004_01 | |
| perl | perl | 5.004_02 | |
| perl | perl | 5.004_03 | |
| perl | perl | 5.004_04 | |
| perl | perl | 5.004_05 | |
| perl | perl | 5.005 | |
| perl | perl | 5.005_01 | |
| perl | perl | 5.005_02 | |
| perl | perl | 5.005_03 | |
| perl | perl | 5.005_04 | |
| perl | perl | 5.6 | |
| perl | perl | 5.6.0 | |
| perl | perl | 5.6.1 | |
| perl | perl | 5.6.2 | |
| perl | perl | 5.7.3 | |
| perl | perl | 5.8 | |
| perl | perl | 5.8.0 | |
| perl | perl | 5.8.1 | |
| perl | perl | 5.8.2 | |
| perl | perl | 5.8.3 | |
| perl | perl | 5.8.4 | |
| perl | perl | 5.8.5 | |
| perl | perl | 5.8.6 | |
| perl | perl | 5.8.7 | |
| perl | perl | 5.8.8 | |
| perl | perl | 5.8.9 | |
| perl | perl | 5.8.9 | |
| perl | perl | 5.9.0 | |
| perl | perl | 5.9.1 | |
| perl | perl | 5.9.2 | |
| perl | perl | 5.9.3 | |
| perl | perl | 5.9.4 | |
| perl | perl | 5.9.5 | |
| perl | perl | 5.10 | |
| perl | perl | 5.10.0 | |
| perl | perl | 5.10.1 | |
| perl | perl | 5.10.1 | |
| perl | perl | 5.10.1 | |
| perl | perl | 5.11.0 | |
| perl | perl | 5.11.1 | |
| perl | perl | 5.11.2 | |
| perl | perl | 5.11.3 | |
| perl | perl | 5.11.4 | |
| perl | perl | 5.11.5 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.0 | |
| perl | perl | 5.12.1 | |
| perl | perl | 5.12.1 | |
| perl | perl | 5.12.1 | |
| perl | perl | 5.12.1 | |
| perl | perl | 5.12.2 | |
| perl | perl | 5.12.2 | |
| perl | perl | 5.12.3 | |
| perl | perl | 5.12.3 | |
| perl | perl | 5.12.3 | |
| perl | perl | 5.12.3 | |
| perl | perl | 5.12.4 | |
| perl | perl | 5.12.4 | |
| perl | perl | 5.12.4 | |
| perl | perl | 5.12.5 | |
| perl | perl | 5.12.5 | |
| perl | perl | 5.12.5 | |
| perl | perl | 5.13.0 | |
| perl | perl | 5.13.1 | |
| perl | perl | 5.13.2 | |
| perl | perl | 5.13.3 | |
| perl | perl | 5.13.4 | |
| perl | perl | 5.13.5 | |
| perl | perl | 5.13.6 | |
| perl | perl | 5.13.7 | |
| perl | perl | 5.13.8 | |
| perl | perl | 5.13.9 | |
| perl | perl | 5.13.10 | |
| perl | perl | 5.13.11 | |
| perl | perl | 5.14.0 | |
| perl | perl | 5.14.0 | |
| perl | perl | 5.14.0 | |
| perl | perl | 5.14.0 | |
| perl | perl | 5.14.1 | |
| perl | perl | 5.14.1 | |
| perl | perl | 5.14.2 | |
| perl | perl | 5.14.2 | |
| perl | perl | 5.14.3 | |
| perl | perl | 5.14.3 | |
| perl | perl | 5.14.3 | |
| perl | perl | 5.14.4 | |
| perl | perl | 5.14.4 | |
| perl | perl | 5.14.4 | |
| perl | perl | 5.15.0 | |
| perl | perl | 5.15.1 | |
| perl | perl | 5.15.2 | |
| perl | perl | 5.15.3 | |
| perl | perl | 5.15.4 | |
| perl | perl | 5.15.5 | |
| perl | perl | 5.15.6 | |
| perl | perl | 5.15.7 | |
| perl | perl | 5.15.8 | |
| perl | perl | 5.15.9 | |
| perl | perl | 5.16.0 | |
| perl | perl | 5.16.0 | |
| perl | perl | 5.16.0 | |
| perl | perl | 5.16.1 | |
| perl | perl | 5.16.2 | |
| perl | perl | 5.16.3 | |
| perl | perl | 5.16.3 | |
| perl | perl | 5.17.0 | |
| perl | perl | 5.17.1 | |
| perl | perl | 5.17.2 | |
| perl | perl | 5.17.3 | |
| perl | perl | 5.17.4 | |
| perl | perl | 5.17.5 | |
| perl | perl | 5.17.6 | |
| perl | perl | 5.17.7 | |
| perl | perl | 5.17.7.0 | |
| perl | perl | 5.17.8 | |
| perl | perl | 5.17.9 | |
| perl | perl | 5.17.10 | |
| perl | perl | 5.17.11 | |
| perl | perl | 5.18.0 | |
| perl | perl | 5.18.0 | |
| perl | perl | 5.18.0 | |
| perl | perl | 5.18.0 | |
| perl | perl | 5.18.0 | |
| perl | perl | 5.18.1 | |
| perl | perl | 5.18.2 | |
| perl | perl | 5.18.2 | |
| perl | perl | 5.18.2 | |
| perl | perl | 5.18.2 | |
| perl | perl | 5.18.2 | |
| perl | perl | 5.18.3 | |
| perl | perl | 5.18.3 | |
| perl | perl | 5.18.3 | |
| perl | perl | 5.18.4 | |
| perl | perl | 5.19.0 | |
| perl | perl | 5.19.1 | |
| perl | perl | 5.19.2 | |
| perl | perl | 5.19.3 | |
| perl | perl | 5.19.4 | |
| perl | perl | 5.19.5 | |
| perl | perl | 5.19.6 | |
| perl | perl | 5.19.7 | |
| perl | perl | 5.19.8 | |
| perl | perl | 5.19.9 | |
| perl | perl | 5.19.10 | |
| perl | perl | 5.19.11 | |
| perl | perl | 5.20.0 | |
| perl | perl | 5.20.0 | |
| perl | perl | 5.20.1 | |
| perl | perl | 5.20.1 | |
| perl | perl | 5.20.1 | |
| perl | perl | 5.20.2 | |
| perl | perl | 5.20.2 | |
| perl | perl | 5.20.3 | |
| perl | perl | 5.20.3 | |
| perl | perl | 5.20.3 | |
| perl | perl | 5.21.0 | |
| perl | perl | 5.21.1 | |
| perl | perl | 5.21.2 | |
| perl | perl | 5.21.3 | |
| perl | perl | 5.21.4 | |
| perl | perl | 5.21.5 | |
| perl | perl | 5.21.6 | |
| perl | perl | 5.21.7 | |
| perl | perl | 5.21.8 | |
| perl | perl | 5.21.9 | |
| perl | perl | 5.21.10 | |
| perl | perl | 5.21.11 | |
| perl | perl | 5.22.0 | |
| perl | perl | 5.22.0 | |
| perl | perl | 5.22.0 | |
| perl | perl | 5.22.1 | |
| perl | perl | 5.22.1 | |
| perl | perl | 5.22.1 | |
| perl | perl | 5.22.1 | |
| perl | perl | 5.22.1 | |
| perl | perl | 5.22.2 | |
| perl | perl | 5.22.2 | |
| perl | perl | 5.22.3 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.0 | |
| perl | perl | 5.24.1 | |
| opensuse | leap | 15.0 | |
| apache | spamassassin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
"matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BF593285-9ECF-4F81-8D0E-7048E5297A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "68E7AF92-F791-4F27-A996-1C688E27EB8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.000:*:*:*:*:*:*:*",
"matchCriteriaId": "33BD16F3-90F9-44FA-913F-3E8832EE7FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.000o:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9A905C-3DF9-4EB6-B93A-F7DFED63E2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.001:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0F4D87-B780-4672-93B5-739E365E2155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.001n:*:*:*:*:*:*:*",
"matchCriteriaId": "AD2C9916-353B-4958-AF80-5477DB26F015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.002:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C74D41-BC84-43C2-9C6B-0C11A61EDC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.002_01:*:*:*:*:*:*:*",
"matchCriteriaId": "4F56CD3C-542A-4441-AF33-65C084F219C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0C7A76-FEDA-4AC4-BFAD-01015DAE751D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_01:*:*:*:*:*:*:*",
"matchCriteriaId": "8950DFB0-64BF-4E4A-929F-8165A88F8C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_02:*:*:*:*:*:*:*",
"matchCriteriaId": "C63F4167-E4D2-4633-8CDA-4E2A86E66AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_03:*:*:*:*:*:*:*",
"matchCriteriaId": "85F31F8A-5682-45D6-8E0C-E7F312F59F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_04:*:*:*:*:*:*:*",
"matchCriteriaId": "D4EE1C93-D2C6-4F53-9862-C29E93C6D80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_05:*:*:*:*:*:*:*",
"matchCriteriaId": "E59A0DBD-B135-41A1-92C1-EABA0157839F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_07:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2932C3-0F88-46A4-8822-78CD5F1EBB12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_08:*:*:*:*:*:*:*",
"matchCriteriaId": "F760289E-C86E-4AC6-A4EC-DB25A141C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_09:*:*:*:*:*:*:*",
"matchCriteriaId": "2F43A336-EDE0-445B-827F-E9544FC77552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_10:*:*:*:*:*:*:*",
"matchCriteriaId": "7749C19E-DC46-4F0B-A866-B292FA74B29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_11:*:*:*:*:*:*:*",
"matchCriteriaId": "E92CC85B-B58C-48F8-9E6C-4EF2053AC276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_12:*:*:*:*:*:*:*",
"matchCriteriaId": "818A195C-E450-4BA5-9557-A65285D79ADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_13:*:*:*:*:*:*:*",
"matchCriteriaId": "82FEB582-2504-4E7E-A5C6-E0B6A4CC16D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_14:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAC694B-E397-4C15-BDBC-3D897761A9D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_15:*:*:*:*:*:*:*",
"matchCriteriaId": "0039A8F5-063D-49D6-8820-6948BB50C923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_16:*:*:*:*:*:*:*",
"matchCriteriaId": "E233E9D3-B462-4DF6-B46A-7D92DF37D6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_17:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F09857-DC25-40F3-9D40-1699AED6ABBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_18:*:*:*:*:*:*:*",
"matchCriteriaId": "F786345C-81BB-4BA4-B84A-0AB99E92B104",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_19:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E22076-8DA3-40B7-BD3B-ACFBFAE79B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_20:*:*:*:*:*:*:*",
"matchCriteriaId": "E81E679F-803B-4AFB-947A-5DB6FE40A099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_21:*:*:*:*:*:*:*",
"matchCriteriaId": "C1FDE206-0648-4758-AFBF-E1E062875485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_22:*:*:*:*:*:*:*",
"matchCriteriaId": "061B1DE8-E39E-4B87-AAB3-076CC0086913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_23:*:*:*:*:*:*:*",
"matchCriteriaId": "49A046AB-FBF7-4F69-BDA5-A38ACF7A5822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_24:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFEB7B3-2A2A-40BC-9EA9-0E18E62BBDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_25:*:*:*:*:*:*:*",
"matchCriteriaId": "F81F635C-AF53-4515-8D38-0A738A0FD16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_26:*:*:*:*:*:*:*",
"matchCriteriaId": "90FCFD46-17FC-4550-8608-4FBE7A450922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_27:*:*:*:*:*:*:*",
"matchCriteriaId": "3343A0BC-D62F-4FC5-A5BC-4FF155A566E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_28:*:*:*:*:*:*:*",
"matchCriteriaId": "B0440F0B-154D-48CE-84CB-0751F2CC9EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_90:*:*:*:*:*:*:*",
"matchCriteriaId": "0539B3F5-A216-4B9A-8229-752519135153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_91:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCD591B-2C36-4EED-8CC2-F7B30C786CD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_92:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8B22C0-B8DA-496E-B615-EA8482FC04A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_93:*:*:*:*:*:*:*",
"matchCriteriaId": "B9215B20-2133-4992-928A-9EBD734A12A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_94:*:*:*:*:*:*:*",
"matchCriteriaId": "27E6BE18-F346-46DF-B84C-ED5CFDC5ABE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_95:*:*:*:*:*:*:*",
"matchCriteriaId": "F19F55A5-AAC9-4F7D-83F0-C91F98F6DEB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_96:*:*:*:*:*:*:*",
"matchCriteriaId": "5166BC2D-E3CC-4FA9-91C3-D97948003044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97:*:*:*:*:*:*:*",
"matchCriteriaId": "C89A4BB0-4C93-40A5-87CC-84C6338DF398",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97a:*:*:*:*:*:*:*",
"matchCriteriaId": "07A1FD7E-6805-4F78-B15E-955D58FBC9C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97b:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2D805C-D3EC-4A9E-BD80-D448A719BFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97c:*:*:*:*:*:*:*",
"matchCriteriaId": "9E7EB8B6-0AB4-481F-8720-C6DB61EACB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97d:*:*:*:*:*:*:*",
"matchCriteriaId": "918B183C-AEAD-477D-871D-2582271D940A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97e:*:*:*:*:*:*:*",
"matchCriteriaId": "6B63EC1F-3311-44DD-8CCA-4D04C0F53E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97f:*:*:*:*:*:*:*",
"matchCriteriaId": "7DABDF1C-7793-4716-A7E8-895354874AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97g:*:*:*:*:*:*:*",
"matchCriteriaId": "07D18688-D419-40FA-BBD6-C3DE46F5093C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97h:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE475CA-40C1-4851-A157-57BC56626B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97i:*:*:*:*:*:*:*",
"matchCriteriaId": "580002B3-C356-45DA-8C60-B5DFACED6DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_97j:*:*:*:*:*:*:*",
"matchCriteriaId": "132AB295-0768-4927-AD64-1BB962BF406E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_98:*:*:*:*:*:*:*",
"matchCriteriaId": "58C6E5A0-45FD-4ECF-94A5-593C27051E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_99:*:*:*:*:*:*:*",
"matchCriteriaId": "75B905E8-76E7-45C8-B761-BD608C5465DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.003_99a:*:*:*:*:*:*:*",
"matchCriteriaId": "7666AD83-03A2-42D8-8D39-6377D0AB1A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004:*:*:*:*:*:*:*",
"matchCriteriaId": "47B622FF-B240-48AE-898C-5EB0F612563F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004_01:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9678C4-63EF-4717-A1C2-439A6726914B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004_02:*:*:*:*:*:*:*",
"matchCriteriaId": "5807630D-4939-49D1-886D-9B5B35BDE131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004_03:*:*:*:*:*:*:*",
"matchCriteriaId": "A10B1AFC-4BB0-432D-89F7-0EB1E74C99FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004_04:*:*:*:*:*:*:*",
"matchCriteriaId": "13D67525-0514-4ED9-ACC7-D807225A6F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.004_05:*:*:*:*:*:*:*",
"matchCriteriaId": "B34949C7-F77A-4EC3-A757-21B7A2A44116",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.005:*:*:*:*:*:*:*",
"matchCriteriaId": "1628FEAE-D96C-47C9-BF90-72506D8B9E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.005_01:*:*:*:*:*:*:*",
"matchCriteriaId": "35728909-A140-4531-AEF6-3A11722B4648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.005_02:*:*:*:*:*:*:*",
"matchCriteriaId": "F05D8B69-C077-41B0-8E1B-5DE25C5974DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.005_03:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5FF9A9-5E08-47F5-81C3-94522DA40187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.005_04:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA7EA98-01E5-40A9-B8A4-7768E96B46D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3579E04-215F-4B7D-BC6B-5AA7F98715AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BBDE0711-1423-4E75-A902-1DA04DC8C352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD62DA82-0EB3-4ACA-ACC8-A1E63C031D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66F27F6D-ED2A-42C4-96A0-2F6536D9DA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B476B28F-8F98-4794-A915-C47AB0C2A857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0EEC7CCD-459E-41CF-B819-696AB6C9BB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4932278D-A661-42D9-AA36-4233B174EF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.8.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2AFF98CD-FAF3-4016-BF69-FBCAACF570B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DF54207-7CF6-4204-9AA2-C705865797A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D37C95-2AB2-4827-A106-16D93ED21BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60C1DB87-F7F4-4D1D-9182-5922BAC7E55C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "074987BF-A9E8-44BE-B9B8-C58C53A41EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5CFBA1-E202-4AF9-A26D-D66830C070B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*",
"matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.1:rc0:*:*:*:*:*:*",
"matchCriteriaId": "2BCC9FF2-71D7-4873-AE3C-432EFBE642BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E044E615-78CC-49BD-87D6-06710D857AB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "8A1D2576-41C9-433A-B483-BE11A2E08B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC45A04-5E81-4938-A247-A31E826FDABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DDAB7D-1344-4C2E-B39D-05D2B9770333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.12.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B8197E63-97EE-471C-B6A8-F2FFA9841515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*",
"matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*",
"matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "18CB92C4-A966-48F6-8B52-355A39A86F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F8228A7-A933-470A-A72F-14B7F15C20EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C4D8DBCF-CB0C-4E5C-8CE0-F43A4769463C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "72589C2C-9ACC-4A48-8CCA-FD5410A51FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47B99644-442E-457D-A934-521E82F5DA22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EE0482C-9845-4CEA-9E22-E74B6A44537D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.14.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "A4B961F2-346B-4459-8363-B3C7CA6F17D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02575484-8DC7-4B4D-8CA0-2766A47CFC78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A3CE102-2E66-4720-A1E6-7C937245BF15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FE375DE-45CF-4867-BCA8-2655CA5CE06F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "189AEAEA-5853-4597-BF3C-82B2942CD62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D385CF65-BE9E-4269-A558-D67C037F3662",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED8BF0A6-90DE-4B43-9D5B-52D1E2FDDC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "94D93987-6891-4003-9FDA-5E0E31E6CDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3935C006-C2D5-4568-BCA7-C949E2DF6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3EDE7322-68A5-4924-9612-B1D3B72809FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7C5044A2-8BE6-4319-B042-B64B5FACE926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "99D451CD-5278-4501-A0D2-1419A9ACB619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E2B2BDE6-597D-4C7F-AE7F-3D7A64813336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE4A28C-360F-4527-B596-7467FF10579F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45C4E830-5173-41C4-8E06-D17F0BDA8774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.16.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1857347B-E3A5-41BA-B6CB-1D9C2AA27BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D119DB-B1C8-406E-8E2E-5BAC3BC61206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA9232E-21A1-43E8-8BFB-031A2904331F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB99136F-4B16-4C3C-84FE-8A49DC545694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D9FB9B-1CEE-4360-B92C-7CE69160CF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "532B5841-0249-4EDE-AA52-292150DEC0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E84E6D66-D4EC-47DF-9C80-5D1F41545ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB61BB5A-BE61-4BB6-9CF1-48947C780F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8240432C-DBFB-4977-8562-3F225BA745A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "596EA807-1994-4282-80EF-47F7C784327B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "910E6121-7D96-492D-8E23-A6C87E463C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F6649D-36EF-4F8C-A831-1A03854ECF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "255CF66E-6FAA-4723-82DC-389449904ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.17.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D6FC93-97C7-4B17-81CF-CCDAA4C6AE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41488C64-89AF-47DE-9B7E-E0CE4E417E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2685AEF2-D96C-4571-A4D3-B95496D1ECD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "83066A81-9B80-478D-BAA2-614655272226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6819B0BE-16FA-4FFD-8EBB-43725162C4FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "C103F31D-1C0D-49A3-9639-E294BFCCC070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B398B96D-0C50-4FCE-9819-BC599ECB2208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "092191BC-4135-4437-84CF-F2E8C3FC1E47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D731DA65-C2C1-4954-92CB-B0DD9042E247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7DB4CB39-5A63-4D97-A5C3-CF61F7E171A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "EF7EB508-710C-4064-9C94-3558C4AB43FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.2:rc4:*:*:*:*:*:*",
"matchCriteriaId": "42DF1C61-82E5-4D84-A027-1CFDB4F9DD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C09081B7-56AC-4D30-BC39-5FC5503DAB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "40A7771E-C770-4494-9DB2-15E7F8D15C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D4C89268-1858-4F09-AF4E-5BB2CB8794CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "277580B4-8F5E-43A3-A9A9-46D2D3E30BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C745ED42-1290-4AF4-9A64-1D681DE392DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17CAEB2B-2F87-43CF-AA6D-DED035CF340C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAE1166-C49F-47D2-9235-0BC6CCC92FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1D8E733A-F9AA-4A17-89E4-F3F25732A198",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17AA261B-1CBD-4052-923C-3964B53EB740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4B664952-4144-4D7A-B841-949ED6BE7397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87F7FEDE-D7F4-4B73-A7A7-D65F1AFFEC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C1FF482-9D80-4695-936E-0AAB3CB37072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD3F63E-9A8F-4A6C-90BA-8C9D7ADE7B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2BDD85-7ABB-4E73-B2BD-F3796DF137F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.19.11:*:*:*:*:*:*:*",
"matchCriteriaId": "1F82F7EA-48CE-4EDC-8C91-B1E1CA9CF213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "069761F3-ADA6-4F9A-A42D-9CBFCA3329C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CD42D433-7822-4697-BE03-2867134DF70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F67D144-A456-4A54-899A-77B15A2D6B17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1B6F92DD-B408-4826-9407-80E157B12839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "63892648-AC91-41FE-8258-83FBE6BEC019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "971901BB-B633-4F51-9E36-BBA997278DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E5D07F59-CCBB-4372-ABFB-8C6E3509FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C0993E1-AF16-4D43-ACF1-7A1D8C1914FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "88D6873B-B718-4BA3-875F-AF2247D1DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.20.3:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3EDCDB3E-4710-4FFD-AF24-FE3F06B75ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99267332-20F0-416B-8F01-ED45280BD2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AE652-51F8-4C37-B7CE-04A82202A723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F82B8B-1B85-4742-8ACE-5B46DD59A39F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A0B035B-B17C-4A1E-ADF1-1F90F65120C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B28B883C-BB67-4775-B17A-2A01E0468350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "917BF173-034B-4085-AB67-10EA9B770E0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "94C06A0B-5A3A-48B5-8E39-42F5C9CEF193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6F242F60-5267-4B30-90E7-BAE119AE0B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.8:*:*:*:*:*:*:*",
"matchCriteriaId": "185BCB23-EC77-41CD-A75D-25B2A351A72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38513AFB-DB85-44C2-93CC-199A2759ACA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "51F325D8-6BAC-4CDE-A6A7-9DE8E7F8E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.21.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E146059C-714F-4DF5-A9DA-A9672F7BA1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88FABC18-1DEB-4732-9E0C-B0F3DE4EEAD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9E09087D-3852-426A-A5E1-0081DFC17F91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DE19639C-2939-45E6-9977-930E1D68E1A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E31817-A94D-48DE-A81E-2417AF5FA775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F0DC1981-0997-4B3E-9058-611F7D0789C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C6131602-C488-4932-8FE1-0CCA24E9F917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "46A8B43D-4177-4258-A2EC-DE7AEA366B31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.1:rc4:*:*:*:*:*:*",
"matchCriteriaId": "81991993-3AFC-4462-8707-1B5CD796B500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F2E723-9520-4BAC-BD22-58D8042965A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BA0E5830-4D61-43A9-AC9C-14338553EF68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.22.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F4192D6D-5466-47B5-9733-02F95CE0AAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D972BFFE-84F9-47D0-B8F2-E1817DA8732D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6D504C3E-EEEA-4023-89C3-FCEC0B763E76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "19D5E676-9653-4B39-9C51-3A249724EF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "300C59DD-95F7-49B9-833D-3463F6F98701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "7EB29593-0EEB-4F28-8293-6D1CC0A99887",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CB12C8AF-9C04-4581-895E-D684C759F657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:perl:perl:5.24.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "3C7CC6EC-E04C-47E3-B350-7171A7B7CD0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory."
},
{
"lang": "es",
"value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL y (25) utils/splain.PL en Perl 5.x en versiones anteriores a 5.22.3-RC2 y 5.24 en versiones anteriores a 5.24.1 1-RC2 no elimina adecuadamente caracteres . (period) del final de la matriz de directorio incluida, lo que podr\u00eda permitir a usuarios locales obtener privilegios a trav\u00e9s de un m\u00f3dulo Troyano bajo el directorio de trabajo actual."
}
],
"id": "CVE-2016-1238",
"lastModified": "2024-11-21T02:46:00.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-02T14:59:00.130",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking"
],
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3628"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92136"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036440"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"source": "security@debian.org",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/"
},
{
"source": "security@debian.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/"
},
{
"source": "security@debian.org",
"tags": [
"Permissions Required"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-75"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://rt.perl.org/Public/Bug/Display.html?id=127834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-75"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-12 23:15
Modified
2024-11-21 03:44
Severity ?
Summary
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2692E178-CFD6-4ED7-830D-1BFEC16F44D3",
"versionEndExcluding": "3.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
},
{
"lang": "es",
"value": "En Apache SpamAssassin versiones anteriores a 3.4.3, se pueden configurar archivos CF nefastos para ejecutar comandos de sistema sin ning\u00fan resultado o error. Con esto, las explotaciones pueden ser inyectadas en varios escenarios. Adicionalmente para actualizar a SA versi\u00f3n 3.4.3, recomendamos que los usuarios solo utilicen canales de actualizaci\u00f3n o archivos .cf de terceros desde lugares confiables."
}
],
"id": "CVE-2018-11805",
"lastModified": "2024-11-21T03:44:04.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-12T23:15:11.947",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
},
{
"source": "security@apache.org",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
},
{
"source": "security@apache.org",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
},
{
"source": "security@apache.org",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2019/q4/154"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Dec/27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/oss-sec/2019/q4/154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4237-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4237-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4584"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-25 10:15
Modified
2024-11-21 05:11
Severity ?
Summary
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2EC96E-432A-4D9F-95C7-051CBE121C7D",
"versionEndExcluding": "3.4.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places."
},
{
"lang": "es",
"value": "En Apache SpamAssassin anterior a versi\u00f3n 3.4.5, los archivos de configuraci\u00f3n de reglas maliciosas (.cf) se pueden configurar para ejecutar comandos del sistema sin ning\u00fan resultado ni errores.\u0026#xa0;Con esto, las explotaciones se pueden inyectar en varios escenarios.\u0026#xa0;Adem\u00e1s de actualizar a la versi\u00f3n 3.4.5 de SA, los usuarios solo deben usar canales de actualizaci\u00f3n o archivos .cf de terceros desde lugares de confianza"
}
],
"id": "CVE-2020-1946",
"lastModified": "2024-11-21T05:11:42.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-25T10:15:11.727",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://s.apache.org/3r1wh"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-26"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7V2SBVTKVLFFT36ECJQ7TQ7KAQCQZDRZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JFBFRIG5TX23NF4ND6OAKKY7I6TLRCCP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NKAXYBKBMQOLIW6UKASJCAZRBOIYS4RL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://s.apache.org/3r1wh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4879"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-17 14:29
Modified
2024-11-21 03:44
Severity ?
Summary
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_eus | 7.5 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6",
"versionEndExcluding": "3.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax."
},
{
"lang": "es",
"value": "Apache SpamAssassin 3.4.2 soluciona una inyecci\u00f3n de c\u00f3digo de usuario local en la sintaxis de reglas meta."
}
],
"id": "CVE-2018-11781",
"lastModified": "2024-11-21T03:44:01.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-17T14:29:00.577",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-3/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-15 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | 3.0.1 | |
| apache | spamassassin | 3.0.2 | |
| apache | spamassassin | 3.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C070003F-04FC-428B-9569-F4D33932BF30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "65BD8410-D228-4851-850F-1045F8CA5C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E575B18E-C18F-410B-B271-FF4D892BF4C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries."
}
],
"id": "CVE-2005-1266",
"lastModified": "2024-11-20T23:56:57.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-06-15T04:00:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94722"
},
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200506-17.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-736"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:106"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2005-498.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/13978"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=94722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/spamassassin-announce/200506.mbox/%3c17072.35054.586017.822288%40proton.pathname.com%3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200506-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2005-498.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000cf18bbe54.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10901"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-06 21:06
Modified
2024-11-21 00:11
Severity ?
Summary
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | 3.1.0 | |
| apache | spamassassin | 3.1.1 | |
| apache | spamassassin | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED86528-F90B-45FA-B21F-8D572C77A4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC8292-C195-4966-B980-FF0D9A10053D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "547BE8A6-DAF3-40CE-BCD0-692250F9121B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username."
}
],
"id": "CVE-2006-2447",
"lastModified": "2024-11-21T00:11:20.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-06T21:06:00.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20430"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20443"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20482"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20531"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20566"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20692"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016230"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1016235"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20443"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1090"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0543.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/436288/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0034/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9184"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-17 14:29
Modified
2024-11-21 03:44
Severity ?
Summary
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * | |
| pdfinfo_project | pdfinfo | - | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6",
"versionEndExcluding": "3.4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:pdfinfo_project:pdfinfo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9F3674-D8EE-46A6-953A-C09F38D3505E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2."
},
{
"lang": "es",
"value": "Existe un error potencial de ejecuci\u00f3n remota de c\u00f3digo en el plugin PDFInfo en Apache SpamAssassin en versiones anteriores a la 3.4.2."
}
],
"id": "CVE-2018-11780",
"lastModified": "2024-11-21T03:44:01.327",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-17T14:29:00.467",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105373"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3811-3/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-30 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2692E178-CFD6-4ED7-830D-1BFEC16F44D3",
"versionEndExcluding": "3.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios including the same privileges as spamd is run which may be elevated though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places. If you cannot upgrade, do not use 3rd party rulesets, do not use sa-compile and do not run spamd as an account with elevated privileges."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de ejecuci\u00f3n de comando en Apache SpamAssassin versiones anteriores a 3.4.3. Los archivos (.cf) de Configuraci\u00f3n de reglas nefastas cuidadosamente dise\u00f1adas pueden ser configuradas para ejecutar comandos de sistema similar al CVE-2018-11805. Con este error sin parchear, pueden ser inyectadas las explotaciones en varios escenarios, incluyendo los mismos privilegios en que se ejecuta spamd, que pueden ser elevados, aunque hacerlo remotamente es dif\u00edcil. Adem\u00e1s de actualizar a SA versi\u00f3n 3.4.4, recomendamos de nuevo que los usuarios solo deben usar canales de actualizaci\u00f3n o archivos .cf de terceros desde lugares confiables. Si no puede actualizar, no use conjuntos de reglas de terceros, no use sa-compile y no ejecute spamd como una cuenta con privilegios elevados."
}
],
"id": "CVE-2020-1930",
"lastModified": "2024-11-21T05:11:38.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-30T18:15:11.317",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "security@apache.org",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"source": "security@apache.org",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"source": "security@apache.org",
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4615"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-20 21:03
Modified
2024-11-21 00:01
Severity ?
Summary
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | 3.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B57B2CB-C29B-4385-ABA9-59E51A16F5FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients (\"To\" addresses), which triggers a bus error in Perl."
}
],
"id": "CVE-2005-3351",
"lastModified": "2024-11-21T00:01:41.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-20T21:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lwn.net/Alerts/159300/"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/11581"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17386/"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17518/"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17626/"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17666/"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/17877"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/19158"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gossamer-threads.com/lists/spamassassin/devel/62649"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:221"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0129.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/15373"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2005/2364"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23048"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lwn.net/Alerts/159300/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/11581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17386/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17518/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17626/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17666/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gossamer-threads.com/lists/spamassassin/devel/62649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0129.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11125"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-30 18:15
Modified
2024-11-21 05:11
Severity ?
Summary
A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | spamassassin | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2692E178-CFD6-4ED7-830D-1BFEC16F44D3",
"versionEndExcluding": "3.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian Lukowski at credativ for reporting the issue ethically. With this bug unpatched, exploits can be injected in a number of scenarios though doing so remotely is difficult. In addition to upgrading to SA 3.4.4, we again recommend that users should only use update channels or 3rd party .cf files from trusted places."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema de ejecuci\u00f3n de comando en Apache SpamAssassin versiones anteriores a 3.4.3. Los archivos (.cf) de Configuraci\u00f3n nefastos cuidadosamente dise\u00f1ados pueden ser configurados para ejecutar comandos de sistema similar al CVE-2018-11805. Este problema es menos sigiloso y los intentos para explotarlo arrojar\u00e1n advertencias. Gracias a Damian Lukowski en credativ por reportar el problema \u00e9ticamente. Con este error sin parchear, pueden ser inyectadas explotaciones en varios escenarios, aunque hacerlo remotamente es dif\u00edcil. Adem\u00e1s de actualizar a SA versiones 3.4.4, recomendamos de nuevo que los usuarios solo deben usar canales de actualizaci\u00f3n o archivos .cf de terceros desde lugares confiables."
}
],
"id": "CVE-2020-1931",
"lastModified": "2024-11-21T05:11:38.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-30T18:15:11.410",
"references": [
{
"source": "security@apache.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "security@apache.org",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784"
},
{
"source": "security@apache.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"source": "security@apache.org",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"source": "security@apache.org",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"source": "security@apache.org",
"url": "https://www.debian.org/security/2020/dsa-4615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7SY2LUSH2X3IUXN4EQQ5A6QVUFYIV3D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOVVKFP2G2AF5GHAB4WMHOEX76A3H6CE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2020/Feb/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4265-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4265-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4615"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}