CVE-2018-11780

EPSS 7.1%
Veröffentlicht 17.09.2018 14:29:00
Zuletzt bearbeitet 21.11.2024 03:44:01
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Spamassassin Version < 3.4.2

Pdfinfo Project ≫ Pdfinfo Version-

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.1%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E

https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/201812-07

Third Party Advisory

https://usn.ubuntu.com/3811-1/

Third Party Advisory

http://www.securityfocus.com/bid/105373

Third Party Advisory

VDB Entry