Lucene search

K
cvelistApacheCVELIST:CVE-2018-11805
HistoryDec 12, 2019 - 10:11 p.m.

CVE-2018-11805

2019-12-1222:11:05
apache
www.cve.org

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.

CNA Affected

[
  {
    "product": "Apache SpamAssassin",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "Apache SpamAssassin prior to 3.4.3"
      }
    ]
  }
]

References