CVE-2005-3352

Published: 13/12/2005 Updated: 19/01/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd prior to 1.3.35-dev and Apache httpd 2.0.x prior to 2.0.56-dev allows remote malicious users to inject arbitrary web script or HTML via the Referer when using image maps.

Vulnerable Product

apache http server 2.2

apache http server

Vendor Advisories

Debian Bug report logs - #343466: [CVE-2005-3352] XSS issue in mod_imap. Package: apache; Maintainer for apache is (unknown); Reported by: Florian Weimer <fw@denebenyode>; Date: Thu, 15 Dec 2005 14:18:01 UTC; Severity: important; Tags: patch, security, upstream; Fixed in version apache/1334-2; Done: Adam Conrad <adconrad ...
The “mod_imap” module (which provides support for image maps) did not properly escape the “referer” URL which rendered it vulnerable against a cross-site scripting attack. A malicious web page (or HTML email) could trick a user into visiting a site running the vulnerable mod_imap, and employ cross-site-scripting techniques to gather sensiti ...
Synopsis: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Apache httpd packages that correct three security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D ...
Synopsis: apache security update. Type/Severity: Security Advisory: Moderate. Topic: Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 21. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descripti ...
Several remote vulnerabilities have been discovered in the Apache, the world's most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-3352 A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache serve ...

References

CWE-79