CVE-2005-1266

7 documents7 sources
Severity
5.0MEDIUM
EPSS
6.7%
top 8.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Spamassassin
Timeline
PublishedJun 15
Latest updateMay 1

Description

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapache/spamassassin3.0.1, 3.0.2, 3.0.3+2
Debianspamassassin< 3.0.4-1+3

Patches

Patch: bugs.gentoo.orgPatch: security.gentoo.orgPatch: www.vuxml.org

🔴Vulnerability Details

3
GHSA
GHSA-8vfq-99xj-3qjx: Apache SpamAssassin 32022-05-01
CVEList
CVE-2005-1266: Apache SpamAssassin 32005-06-22
OSV
CVE-2005-1266: Apache SpamAssassin 32005-06-15

📋Vendor Advisories

2
Red Hat
security flaw2005-06-15
Debian
CVE-2005-1266: spamassassin - Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a d...2005

💬Community

1
Bugzilla
CVE-2005-1266 security flaw2018-08-16
CVE-2005-1266 (MEDIUM CVSS 5) | Apache SpamAssassin 3.0.1 | cvebase.io