CVE-2007-0451
Gentoo Linux Security Advisory 200703-2
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
Apache SpamAssassin versiones anteriores a 3.1.8, permite a atacantes remotos causar una denegación de servicio por medio de URLs largas en HTML malformado, que desencadena un "massive memory usage”
A bug in the way that SpamAssassin processes HTML emails containing URIs was discovered in versions 3.1.x. A carefully crafted mail message could make SpamAssassin consume significant amounts of CPU resources that could delay or prevent the delivery of mail if a number of these messages were sent at once. SpamAssassin has been upgraded to version 3.1.8 to correct this problem, and other upstream bugs. In addition, an invalid path setting in local.cf for the auto_whitelist_path has been fixed for Mandriva 2007.0.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-01-23 CVE Reserved
- 2007-02-16 CVE Published
- 2024-08-07 CVE Updated
- 2025-05-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (25)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/33207 | Vdb Entry | |
| http://spamassassin.apache.org/advisories/cve-2007-0451.txt | X_refsource_confirm | |
| http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt | X_refsource_confirm | |
| http://www.securitytracker.com/id?1017666 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32536 | Vdb Entry | |
| https://issues.rpath.com/browse/RPL-1073 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://fedoranews.org/cms/node/2657 | 2017-10-11 | |
| http://fedoranews.org/cms/node/2659 | 2017-10-11 | |
| http://www.securityfocus.com/bid/22584 | 2017-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2007-0074.html | 2017-10-11 | |
| http://secunia.com/advisories/24197 | 2017-10-11 | |
| http://secunia.com/advisories/24200 | 2017-10-11 | |
| http://secunia.com/advisories/24250 | 2017-10-11 | |
| http://secunia.com/advisories/24256 | 2017-10-11 | |
| http://secunia.com/advisories/24265 | 2017-10-11 | |
| http://secunia.com/advisories/24307 | 2017-10-11 | |
| http://secunia.com/advisories/24889 | 2017-10-11 | |
| http://security.gentoo.org/glsa/glsa-200703-02.xml | 2017-10-11 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:049 | 2017-10-11 | |
| http://www.novell.com/linux/security/advisories/2007_6_sr.html | 2017-10-11 | |
| http://www.redhat.com/support/errata/RHSA-2007-0075.html | 2017-10-11 | |
| http://www.vupen.com/english/advisories/2007/0628 | 2017-10-11 | |
| https://access.redhat.com/security/cve/CVE-2007-0451 | 2007-03-13 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1618365 | 2007-03-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | <= 3.1.7 Search vendor "Apache" for product "Spamassassin" and version " <= 3.1.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.0.1 Search vendor "Apache" for product "Spamassassin" and version "3.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.0.2 Search vendor "Apache" for product "Spamassassin" and version "3.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.0.3 Search vendor "Apache" for product "Spamassassin" and version "3.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.0.4 Search vendor "Apache" for product "Spamassassin" and version "3.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.1.0 Search vendor "Apache" for product "Spamassassin" and version "3.1.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.1.1 Search vendor "Apache" for product "Spamassassin" and version "3.1.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Spamassassin Search vendor "Apache" for product "Spamassassin" | 3.1.2 Search vendor "Apache" for product "Spamassassin" and version "3.1.2" | - |
Affected
| ||||||