Spamassassin Security Vulnerabilities and Issues — Spamassassin CVE List

Lucene search

ApacheSpamassassin

4 matches found

CVE•added 2018/09/17 2:29 p.m.•179 views

CVE-2017-15705

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and ho...

5.3CVSS5.9AI score0.01839EPSS

CVE•added 2006/06/06 9:6 p.m.•61 views

CVE-2006-2447

SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.

5.1CVSS7.1AI score0.744EPSS

CVE•added 2005/06/22 4:0 a.m.•55 views

CVE-2005-1266

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

5CVSS8.9AI score0.06726EPSS

CVE•added 2005/11/20 9:3 p.m.•45 views

CVE-2005-3351

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.

5CVSS6.1AI score0.17898EPSS