Remote Denial of Service Risk in Apache SpamAssassin by Malformed HTML URLs
CVE-2007-0451

Currently unrated

Key Information:

Vendor: Apache
Status: Spamassassin
Vendor: CVE Published:; 16 February 2007

Summary

Apache SpamAssassin versions prior to 3.1.8 are susceptible to a denial of service vulnerability that occurs when remote attackers send specially crafted requests containing long URLs in malformed HTML. This flaw can lead to excessive memory consumption, preventing legitimate users from accessing services and potentially crippling the application.

References

http://spamassassin.apache.org/advisories/cve-2007-0451.txt

x_refsource_CONFIRM

http://secunia.com/advisories/24200

third-party-advisoryx_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-1073

x_refsource_CONFIRM

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 16, 2007
Vulnerability Reserved
Jan 23, 2007