CVE-2007-0451

CWE-3999 documents7 sources
Severity
4.3MEDIUM
EPSS
33.4%
top 3.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Spamassassin
Timeline
PublishedFeb 16
Latest updateMay 1

Description

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDapache/spamassassin3.1.7+7
Debianspamassassin< 3.1.7-2+3

Patches

Patch: fedoranews.orgPatch: fedoranews.orgPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-q35m-3hwc-qp9v: Apache SpamAssassin before 32022-05-01
OSV
CVE-2007-0451: Apache SpamAssassin before 32007-02-16
CVEList
CVE-2007-0451: Apache SpamAssassin before 32007-02-16

📋Vendor Advisories

2
Red Hat
security flaw2007-02-13
Debian
CVE-2007-0451: spamassassin - Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of se...2007

💬Community

3
Bugzilla
CVE-2007-0451 security flaw2018-08-16
Bugzilla
CVE-2007-0451 Spamassassin DoS2007-02-13
Bugzilla
CVE-2007-0451 Spamassassin DoS2007-02-13
CVE-2007-0451 (MEDIUM CVSS 4.3) | Apache SpamAssassin before 3.1.8 al | cvebase.io