Apache: >> Spamassassin Security Vulnerabilities
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVSS Score
5.1
EPSS Score
0.74
Published
2006-06-06
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
CVSS Score
5.0
EPSS Score
0.195
Published
2005-11-20
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
CVSS Score
5.0
EPSS Score
0.059
Published
2005-06-15
Page 2