Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-11780

Published: 17/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Spamassassin

Vulnerability Summary

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin prior to 3.4.2.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache spamassassin

pdfinfo project pdfinfo -

debian debian linux 8.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 18.04

Vendor Advisories

Ubuntu Security Notice: spamassassin vulnerabilities
Several security issues were fixed in SpamAssassin ...
Ubuntu Security Notice: spamassassin vulnerabilities
Several security issues were fixed in SpamAssassin ...
Debian CVElist Bug Report Logs: spamassassin: CVE-2018-11781: local user code injection in the meta rule syntax
Debian Bug report logs - #908971 spamassassin: CVE-2018-11781: local user code injection in the meta rule syntax Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Sep 2018 20:45:07 UTC Severity: grave Ta ...
Debian CVElist Bug Report Logs: spamassassin: CVE-2017-15705: denial of service vulnerability
Debian Bug report logs - #908969 spamassassin: CVE-2017-15705: denial of service vulnerability Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Sep 2018 20:45:02 UTC Severity: grave Tags: security, upst ...
Debian CVElist Bug Report Logs: spamassassin: CVE-2018-11780: potential remote code execution bug with the PDFInfo plugin
Debian Bug report logs - #908970 spamassassin: CVE-2018-11780: potential remote code execution bug with the PDFInfo plugin Package: src:spamassassin; Maintainer for src:spamassassin is Noah Meyerhans <noahm@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 16 Sep 2018 20:45:05 UTC Severity ...
Amazon Linux AMI: ALAS-2018-1091
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax This could cause the arbitrary code execution on the server when these rules are being processed(CVE-2018-11781) A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 342(CVE-2018-11780) A f ...
Red Hat: CVE-2018-11780
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 342 ...

References

CWE-94http://www.securityfocus.com/bid/105373https://usn.ubuntu.com/3811-1/https://lists.debian.org/debian-lts-announce/2018/11/msg00016.htmlhttps://usn.ubuntu.com/3811-3/https://security.gentoo.org/glsa/201812-07http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.htmlhttps://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3Ehttps://nvd.nist.govhttps://usn.ubuntu.com/3811-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook