SpamAssassin < 3.1.8 Malformed HTML Long URI DoS

Nessus Network Monitor Plugin ID 3918 (Low)


The remote host is vulnerable to a Denial of Service (DoS) attack.


The remote host is running SpamAssassin, an anti-spam application that detects and blocks spam emails. Due to a content-parsing error, SpamAssassin can be crashed when it processes very long URIs within an email message. To exploit this flaw, an attacker needs only the ability to craft and send an email. Successful exploitation leads to a loss of availability.


Upgrade to version 3.1.8 or higher.

Plugin Details

Severity: Low

ID: 3918

File Name: 3918.prm

Family: SMTP Clients

Published: 2007/02/16

Modified: 2016/02/05

Dependencies: 1100

Risk Information

Risk Factor: Low


CVSS v2

Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3

Base Score: 4.2

Temporal Score: 3.9

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-0451

BID: 22584

OSVDB: 33207