Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
BID:105373
CVE-2018-11780 |Info
Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
| Bugtraq ID: | 105373 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-11780 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2018 12:00AM |
| Updated: | Sep 17 2018 12:00AM |
| Credit: | cPanel Security Team |
| Vulnerable: |
SpamAssassin SpamAssassin 3.3.2 SpamAssassin SpamAssassin 3.2.1 SpamAssassin SpamAssassin 3.2 SpamAssassin SpamAssassin 3.1.9 SpamAssassin SpamAssassin 3.1.8 SpamAssassin SpamAssassin 3.1.7 SpamAssassin SpamAssassin 3.1.6 SpamAssassin SpamAssassin 3.1.5 SpamAssassin SpamAssassin 3.1.4 SpamAssassin SpamAssassin 3.1.3 SpamAssassin SpamAssassin 3.1.2 SpamAssassin SpamAssassin 3.1.1 SpamAssassin SpamAssassin 3.1 SpamAssassin SpamAssassin 3.0.6 SpamAssassin SpamAssassin 3.0.5 SpamAssassin SpamAssassin 3.0.4 SpamAssassin SpamAssassin 3.0.3 SpamAssassin SpamAssassin 3.0.2 SpamAssassin SpamAssassin 3.0.1 SpamAssassin SpamAssassin 3.0 SpamAssassin SpamAssassin 2.64 SpamAssassin SpamAssassin 2.63 SpamAssassin SpamAssassin 2.60 SpamAssassin SpamAssassin 2.55 SpamAssassin SpamAssassin 2.50 0 SpamAssassin SpamAssassin 2.44 SpamAssassin SpamAssassin 2.43 0 SpamAssassin SpamAssassin 2.42 0 SpamAssassin SpamAssassin 2.41 0 SpamAssassin SpamAssassin 2.40 |
| Not Vulnerable: |
SpamAssassin SpamAssassin 3.4.2 |
Discussion
Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
Apache SpamAssassin is prone to a remote code-execution vulnerability.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.
Versions prior to SpamAssassin 3.4.2 are vulnerable.
Apache SpamAssassin is prone to a remote code-execution vulnerability.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the application.
Versions prior to SpamAssassin 3.4.2 are vulnerable.
Exploit / POC
Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Apache SpamAssassin CVE-2018-11780 Remote Code Execution Vulnerability
References:
References:
- Apache Homepage (Apache)
- Apache SpamAssassin 3.4.2 was recently released (Apache)
- Bug 1629532 CVE-2018-11780 spamassassin: Potential RCE (Redhat)
- CVE-2018-11780 (Redhat)