Apache SpamAssassin CVE-2018-11805 in Apache and Debian Products
Published on December 12, 2019

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.




Affected Versions

Apache SpamAssassin versions prior to 3.4.3 are affected by CVE-2018-11805.

Exploit Probability

EPSS: 0.03%
Percentile: 8.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.