⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.
CVE-2017-15705
Severity: 5.3 MEDIUM
EPSS: 1.8% (top 17.35%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Sep 17
Latest update: May 14
Description
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we …
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 7 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, Enterprise Linux 7.5
🔴 Vulnerability Details (4)
GHSA
GHSA-m63q-qrvc-wwrm: A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3 (2022-05-14)
CVEList
CVE-2017-15705: A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3 (2018-09-17)
OSV
CVE-2017-15705: A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3 (2018-09-17)
📋 Vendor Advisories (4)
💬 Community (2)
Bugzilla
CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and resulting denial of service [fedora-all] (2018-09-17)
Bugzilla
CVE-2017-15705 spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service (2018-09-17)