VDB
CVE-2006-2447
CVE-2006-2447
PUBLISHED
CVSS 5.099999904632568 MEDIUM
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
EPSS 75.80% · 98.9th percentile
Risk Scores
CVSS 2.0
5.099999904632568
EPSS Score
75.80%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| apache | spamassassin | 3.1.1, 3.1.2, 3.1.0 |
Timeline
- Jun 6, 2006 CVE Published
- Apr 30, 2010 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jun 25, 2023 EPSS Score
References
- 20482 third-party-advisory
- 20060607 rPSA-2006-0096-1 spamassassin mailing-list
- oval:org.mitre.oval:def:9184 vdb
- 2006-0034 vendor-advisory
- GLSA-200606-09 vendor-advisory
- 20692 third-party-advisory
- 20566 third-party-advisory
- 18290 vdb
- 20430 third-party-advisory
- http://www.nabble.com/ANNOUNCE%3A-Apache-SpamAssassin-3.1.3-available%21-t1736096.html url
- RHSA-2006:0543 vendor-advisory
- ADV-2006-2148 vdb
- 20531 third-party-advisory
- 1016230 vdb
- DSA-1090 vendor-advisory
- spamassassin-spamd-command-execution(27008) vdb
- 20443 third-party-advisory
- 1016235 vdb
- MDKSA-2006:103 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-2447 advisory
…and 1 more