cnvd - cnvd-2018-19510

cnvd-2018-19510

Vulnerability from cnvd

Title: Apache SpamAssassin拒绝服务漏洞

Description:

Apache SpamAssassin是美国阿帕奇（Apache）公司的一个邮件过滤程序与API，能够有效防止邮件遭受垃圾邮件的骚扰。

Apache SpamAssassin存在拒绝服务漏洞。攻击者可利用漏洞造成拒绝服务。

Severity: 中

Patch Name: Apache SpamAssassin拒绝服务漏洞的补丁

Patch Description:

Apache SpamAssassin是美国阿帕奇（Apache）公司的一个邮件过滤程序与API，能够有效防止邮件遭受垃圾邮件的骚扰。

Apache SpamAssassin存在拒绝服务漏洞。攻击者可利用漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://bugzilla.redhat.com/show_bug.cgi?id=1629521

Reference: https://www.securityfocus.com/bid/105347

Impacted products

Name
Apache SpamAssassin <3.4.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105347"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15705",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15705"
    }
  },
  "description": "Apache SpamAssassin\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u90ae\u4ef6\u8fc7\u6ee4\u7a0b\u5e8f\u4e0eAPI\uff0c\u80fd\u591f\u6709\u6548\u9632\u6b62\u90ae\u4ef6\u906d\u53d7\u5783\u573e\u90ae\u4ef6\u7684\u9a9a\u6270\u3002\r\n\r\nApache SpamAssassin\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Apache",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1629521",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19510",
  "openTime": "2018-09-20",
  "patchDescription": "Apache SpamAssassin\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u90ae\u4ef6\u8fc7\u6ee4\u7a0b\u5e8f\u4e0eAPI\uff0c\u80fd\u591f\u6709\u6548\u9632\u6b62\u90ae\u4ef6\u906d\u53d7\u5783\u573e\u90ae\u4ef6\u7684\u9a9a\u6270\u3002\r\n\r\nApache SpamAssassin\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache SpamAssassin\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache SpamAssassin \u003c3.4.2"
  },
  "referenceLink": "https://www.securityfocus.com/bid/105347",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-20",
  "title": "Apache SpamAssassin\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-15705 (GCVE-0-2017-15705)

Vulnerability from cvelistv5

Published

2018-09-17 14:00

Modified

2024-09-16 23:15

Severity ?

CWE

Denial of Service

Summary

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the "open" event is immediately followed by a "close" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the "text" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.

References

▼	URL	Tags
	https://usn.ubuntu.com/3811-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3811-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201812-07	vendor-advisory, x_refsource_GENTOO
	https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2018:2916	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105347	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache SpamAssassin	Version: all modern versions before 3.4.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:04:48.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3811-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3811-2/"
          },
          {
            "name": "USN-3811-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3811-1/"
          },
          {
            "name": "GLSA-201812-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201812-07"
          },
          {
            "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "RHSA-2018:2916",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2916"
          },
          {
            "name": "105347",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105347"
          },
          {
            "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
          },
          {
            "name": "openSUSE-SU-2019:1831",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache SpamAssassin",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "all modern versions before 3.4.2"
            }
          ]
        }
      ],
      "datePublic": "2018-09-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-06T20:06:06",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "USN-3811-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3811-2/"
        },
        {
          "name": "USN-3811-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3811-1/"
        },
        {
          "name": "GLSA-201812-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201812-07"
        },
        {
          "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "RHSA-2018:2916",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2916"
        },
        {
          "name": "105347",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105347"
        },
        {
          "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
        },
        {
          "name": "openSUSE-SU-2019:1831",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2018-09-16T00:00:00",
          "ID": "CVE-2017-15705",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache SpamAssassin",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all modern versions before 3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3811-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3811-2/"
            },
            {
              "name": "USN-3811-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3811-1/"
            },
            {
              "name": "GLSA-201812-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201812-07"
            },
            {
              "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E"
            },
            {
              "name": "RHSA-2018:2916",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2916"
            },
            {
              "name": "105347",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105347"
            },
            {
              "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html"
            },
            {
              "name": "openSUSE-SU-2019:1831",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2017-15705",
    "datePublished": "2018-09-17T14:00:00Z",
    "dateReserved": "2017-10-21T00:00:00",
    "dateUpdated": "2024-09-16T23:15:46.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted