CVE-2007-0451 | Vulnerability Database | Aqua Security

Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers massive memory usage.

Affected Software

Name	Vendor	Start Version	End Version
Spamassassin	Apache	*	3.1.7 (including)
Spamassassin	Apache	3.0.1 (including)	3.0.1 (including)
Spamassassin	Apache	3.0.2 (including)	3.0.2 (including)
Spamassassin	Apache	3.0.3 (including)	3.0.3 (including)
Spamassassin	Apache	3.0.4 (including)	3.0.4 (including)
Spamassassin	Apache	3.1.0 (including)	3.1.0 (including)
Spamassassin	Apache	3.1.1 (including)	3.1.1 (including)
Spamassassin	Apache	3.1.2 (including)	3.1.2 (including)

References

http://fedoranews.org/cms/node/2657
http://fedoranews.org/cms/node/2659
http://osvdb.org/33207
http://rhn.redhat.com/errata/RHSA-2007-0074.html
http://secunia.com/advisories/24197
http://secunia.com/advisories/24200
http://secunia.com/advisories/24250
http://secunia.com/advisories/24256
http://secunia.com/advisories/24265
http://secunia.com/advisories/24307
http://secunia.com/advisories/24889
http://security.gentoo.org/glsa/glsa-200703-02.xml
http://spamassassin.apache.org/advisories/cve-2007-0451.txt
http://svn.apache.org/repos/asf/spamassassin/branches/3.1/build/announcements/3.1.8.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:049
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0075.html
http://www.securityfocus.com/bid/22584
http://www.securitytracker.com/id?1017666
http://www.vupen.com/english/advisories/2007/0628
https://exchange.xforce.ibmcloud.com/vulnerabilities/32536
https://issues.rpath.com/browse/RPL-1073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10018

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0451
CWE	https://cwe.mitre.org/data/definitions/399.html