Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Apache SpamAssassin by Apache

    CVE-2019-12420 (GCVE-0-2019-12420)

    Vulnerability from nvd – Published: 2019-12-12 22:16 – Updated: 2024-08-04 23:17
    VLAI
    Summary
    In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service via excessive resource utilization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Apache SpamAssassin Affected: Apache SpamAssassin prior to 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:17:40.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
              },
              {
                "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
              },
              {
                "name": "DSA-4584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4584"
              },
              {
                "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/27"
              },
              {
                "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
              },
              {
                "name": "USN-4237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-1/"
              },
              {
                "name": "USN-4237-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-2/"
              },
              {
                "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache SpamAssassin",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache SpamAssassin prior to 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service via excessive resource utilization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T10:06:07.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
            },
            {
              "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
            },
            {
              "name": "DSA-4584",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4584"
            },
            {
              "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/27"
            },
            {
              "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
            },
            {
              "name": "USN-4237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-1/"
            },
            {
              "name": "USN-4237-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-2/"
            },
            {
              "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2019-12420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache SpamAssassin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache SpamAssassin prior to 3.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service via excessive resource utilization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
                },
                {
                  "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
                  "refsource": "CONFIRM",
                  "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
                },
                {
                  "name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747",
                  "refsource": "MISC",
                  "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
                },
                {
                  "name": "DSA-4584",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4584"
                },
                {
                  "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/27"
                },
                {
                  "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
                },
                {
                  "name": "USN-4237-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-1/"
                },
                {
                  "name": "USN-4237-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-2/"
                },
                {
                  "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2019-12420",
        "datePublished": "2019-12-12T22:16:05.000Z",
        "dateReserved": "2019-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:17:40.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11805 (GCVE-0-2018-11805)

    Vulnerability from nvd – Published: 2019-12-12 22:11 – Updated: 2024-08-05 08:17
    VLAI
    Summary
    In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/6f89f82a573e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/d015dc5b4f24… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/2946b38caec4… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/12/12/1 mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/bc58907171c6… mailing-listx_refsource_MLIST
    https://seclists.org/oss-sec/2019/q4/154 x_refsource_MISC
    https://svn.apache.org/repos/asf/spamassassin/bra… x_refsource_CONFIRM
    https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647 x_refsource_CONFIRM
    https://www.debian.org/security/2019/dsa-4584 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Dec/27 mailing-listx_refsource_BUGTRAQ
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/c1f59b7e13b7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/8534b60bae95… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/0b5c73809d06… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4237-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4237-2/ vendor-advisoryx_refsource_UBUNTU
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r217177f7de3… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r71f789fcd63… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/01/30/3 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/01/30/2 mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2578c486552… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r3d32ebf97b1… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Apache Apache SpamAssassin Affected: Apache SpamAssassin prior to 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:17:09.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
              },
              {
                "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/oss-sec/2019/q4/154"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
              },
              {
                "name": "DSA-4584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4584"
              },
              {
                "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/27"
              },
              {
                "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
              },
              {
                "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "USN-4237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-1/"
              },
              {
                "name": "USN-4237-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-2/"
              },
              {
                "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
              },
              {
                "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
              },
              {
                "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:0446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache SpamAssassin",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache SpamAssassin prior to 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-04T20:06:03.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
            },
            {
              "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://seclists.org/oss-sec/2019/q4/154"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
            },
            {
              "name": "DSA-4584",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4584"
            },
            {
              "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/27"
            },
            {
              "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
            },
            {
              "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "USN-4237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-1/"
            },
            {
              "name": "USN-4237-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-2/"
            },
            {
              "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
            },
            {
              "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
            },
            {
              "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2018-11805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache SpamAssassin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache SpamAssassin prior to 3.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
                },
                {
                  "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "https://seclists.org/oss-sec/2019/q4/154",
                  "refsource": "MISC",
                  "url": "https://seclists.org/oss-sec/2019/q4/154"
                },
                {
                  "name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
                  "refsource": "CONFIRM",
                  "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
                },
                {
                  "name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647",
                  "refsource": "CONFIRM",
                  "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
                },
                {
                  "name": "DSA-4584",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4584"
                },
                {
                  "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/27"
                },
                {
                  "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
                },
                {
                  "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "USN-4237-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-1/"
                },
                {
                  "name": "USN-4237-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-2/"
                },
                {
                  "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
                },
                {
                  "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
                },
                {
                  "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "openSUSE-SU-2020:0446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-11805",
        "datePublished": "2019-12-12T22:11:05.000Z",
        "dateReserved": "2018-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:17:09.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-12420 (GCVE-0-2019-12420)

    Vulnerability from cvelistv5 – Published: 2019-12-12 22:16 – Updated: 2024-08-04 23:17
    VLAI
    Summary
    In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service via excessive resource utilization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Apache SpamAssassin Affected: Apache SpamAssassin prior to 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:17:40.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
              },
              {
                "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
              },
              {
                "name": "DSA-4584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4584"
              },
              {
                "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/27"
              },
              {
                "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
              },
              {
                "name": "USN-4237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-1/"
              },
              {
                "name": "USN-4237-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-2/"
              },
              {
                "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache SpamAssassin",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache SpamAssassin prior to 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service via excessive resource utilization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-31T10:06:07.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
            },
            {
              "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
            },
            {
              "name": "DSA-4584",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4584"
            },
            {
              "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/27"
            },
            {
              "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
            },
            {
              "name": "USN-4237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-1/"
            },
            {
              "name": "USN-4237-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-2/"
            },
            {
              "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2019-12420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache SpamAssassin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache SpamAssassin prior to 3.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service via excessive resource utilization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/12/2"
                },
                {
                  "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
                  "refsource": "CONFIRM",
                  "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
                },
                {
                  "name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747",
                  "refsource": "MISC",
                  "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747"
                },
                {
                  "name": "DSA-4584",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4584"
                },
                {
                  "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/27"
                },
                {
                  "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
                },
                {
                  "name": "USN-4237-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-1/"
                },
                {
                  "name": "USN-4237-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-2/"
                },
                {
                  "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2019-12420",
        "datePublished": "2019-12-12T22:16:05.000Z",
        "dateReserved": "2019-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:17:40.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-11805 (GCVE-0-2018-11805)

    Vulnerability from cvelistv5 – Published: 2019-12-12 22:11 – Updated: 2024-08-05 08:17
    VLAI
    Summary
    In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    URL Tags
    https://lists.apache.org/thread.html/6f89f82a573e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/d015dc5b4f24… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/2946b38caec4… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2019/12/12/1 mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/bc58907171c6… mailing-listx_refsource_MLIST
    https://seclists.org/oss-sec/2019/q4/154 x_refsource_MISC
    https://svn.apache.org/repos/asf/spamassassin/bra… x_refsource_CONFIRM
    https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647 x_refsource_CONFIRM
    https://www.debian.org/security/2019/dsa-4584 vendor-advisoryx_refsource_DEBIAN
    https://seclists.org/bugtraq/2019/Dec/27 mailing-listx_refsource_BUGTRAQ
    https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/c1f59b7e13b7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/8534b60bae95… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/0b5c73809d06… mailing-listx_refsource_MLIST
    https://usn.ubuntu.com/4237-1/ vendor-advisoryx_refsource_UBUNTU
    https://usn.ubuntu.com/4237-2/ vendor-advisoryx_refsource_UBUNTU
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r217177f7de3… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r71f789fcd63… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/rc4df9835fb2… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/01/30/3 mailing-listx_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2020/01/30/2 mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r2578c486552… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r6729f3d3be7… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/r3d32ebf97b1… mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Impacted products
    Vendor Product Version
    Apache Apache SpamAssassin Affected: Apache SpamAssassin prior to 3.4.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:17:09.279Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
              },
              {
                "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://seclists.org/oss-sec/2019/q4/154"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
              },
              {
                "name": "DSA-4584",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4584"
              },
              {
                "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Dec/27"
              },
              {
                "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
              },
              {
                "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "USN-4237-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-1/"
              },
              {
                "name": "USN-4237-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4237-2/"
              },
              {
                "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
              },
              {
                "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
              },
              {
                "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
              },
              {
                "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
              },
              {
                "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
              },
              {
                "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
              },
              {
                "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:0446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache SpamAssassin",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache SpamAssassin prior to 3.4.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-04T20:06:03.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
            },
            {
              "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433%40%3Cannounce.apache.org%3E"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://seclists.org/oss-sec/2019/q4/154"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
            },
            {
              "name": "DSA-4584",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4584"
            },
            {
              "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Dec/27"
            },
            {
              "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
            },
            {
              "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "USN-4237-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-1/"
            },
            {
              "name": "USN-4237-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4237-2/"
            },
            {
              "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b%40%3Cannounce.spamassassin.apache.org%3E"
            },
            {
              "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781%40%3Cannounce.apache.org%3E"
            },
            {
              "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cdev.spamassassin.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
            },
            {
              "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
            },
            {
              "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a%40%3Cannounce.apache.org%3E"
            },
            {
              "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2018-11805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache SpamAssassin",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache SpamAssassin prior to 3.4.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[spamassassin-users] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/6f89f82a573ea616dce53ec67e52d963618a9f9ac71da5c1efdbd166@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/d015dc5b4f24fd6777a85d068502a9c5d58d69d877ed5b0eb9a22cd5@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/2946b38caec47f7f6a79e8e03d2aa723794186e59a7dc6b5e76dfc18@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20191212 Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2019/12/12/1"
                },
                {
                  "name": "[announce] 20191212 [SECURITY] Apache SpamAssassin v3.4.3 released with fix for CVE-2018-11805",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/bc58907171c6585e5875a3ce86066d4956c218911cb74e3156de4433@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "https://seclists.org/oss-sec/2019/q4/154",
                  "refsource": "MISC",
                  "url": "https://seclists.org/oss-sec/2019/q4/154"
                },
                {
                  "name": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt",
                  "refsource": "CONFIRM",
                  "url": "https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt"
                },
                {
                  "name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647",
                  "refsource": "CONFIRM",
                  "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7647"
                },
                {
                  "name": "DSA-4584",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2019/dsa-4584"
                },
                {
                  "name": "20191216 [SECURITY] [DSA 4584-1] spamassassin security update",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Dec/27"
                },
                {
                  "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html"
                },
                {
                  "name": "[spamassassin-users] 20191218 CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/c1f59b7e13b7f2c12f847f7d0dec2636df3cdbcaa6d8309007395ff4@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191218 Re: CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/8534b60bae95ac3a8a4adb840f4ab26135f1c973ce197ff44439cbae@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "USN-4237-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-1/"
                },
                {
                  "name": "USN-4237-2",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4237-2/"
                },
                {
                  "name": "[spamassassin-dev] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r217177f7de36deab36dab88db4b6448961122571176dd4b2c133d08e@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[spamassassin-announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r71f789fcd6339144e3d4db8f4128def12c341e638bd0107a0b82a05b@%3Cannounce.spamassassin.apache.org%3E"
                },
                {
                  "name": "[announce] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/rc4df9835fb2d7b5bb1202fca99a1de21a40acef055661d3a9e8ae781@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "[spamassassin-dev] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cdev.spamassassin.apache.org%3E"
                },
                {
                  "name": "[oss-security] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/01/30/3"
                },
                {
                  "name": "[oss-security] 20200130 [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2020/01/30/2"
                },
                {
                  "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E"
                },
                {
                  "name": "[spamassassin-users] 20200131 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f@%3Cusers.spamassassin.apache.org%3E"
                },
                {
                  "name": "openSUSE-SU-2020:0446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-11805",
        "datePublished": "2019-12-12T22:11:05.000Z",
        "dateReserved": "2018-06-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:17:09.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }