Denial of Service Vulnerability in Apache SpamAssassin by The Apache Software Foundation
CVE-2005-1266

Currently unrated

Key Information:

Vendor: Apache
Status: Spamassassin
Vendor: CVE Published:; 15 June 2005

What is CVE-2005-1266?

Apache SpamAssassin versions 3.0.1, 3.0.2, and 3.0.3 exhibit a vulnerability that can be exploited by remote attackers to create a denial of service condition. This is achieved through the use of a specially crafted message containing an excessively long Content-Type header. The vulnerability can lead to increased CPU consumption and performance degradation, effectively slowing down the service and disrupting email filtering operations.

References

http://www.vuxml.org/freebsd/cc4ce06b-e01c-11d9-a8bd-000c...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/13978

vdb-entryx_refsource_BID

http://bugs.gentoo.org/show_bug.cgi?id=94722

x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2005
Vulnerability Reserved
Apr 25, 2005