SpamAssassin < 3.1.8 Malformed HTML Long URI DoS

medium Nessus Network Monitor Plugin ID 3918

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running SpamAssassin, an anti-spam application that detects and blocks spam email. Due to a content-parsing error, SpamAssassin can crash when it processes very long URIs within an email message. To exploit this flaw, an attacker only needs to be able to craft and send an email. Successful exploitation leads to a loss of availability.

Solution

Upgrade to version 3.1.8 or higher.

See Also

http://spamassassin.org

Plugin Details

Severity: Medium

ID: 3918

Family: SMTP Clients

Published: 2/16/2007

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:spamassassin

Reference Information

CVE: CVE-2007-0451

BID: 22584