|
[Japanese]
|
JVNDB-2007-000819
|
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
|
|
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Apache Software Foundation
- Apache HTTP Server 2.2.6 and earlier
- Apache HTTP Server 2.0.61 and earlier
- Apache HTTP Server 1.3.39 and earlier
IBM Corporation
- IBM HTTP Server 6.0.2.27
- IBM HTTP Server 6.1.0.15
- IBM HTTP Server 2.0.47.1
- IBM HTTP Server 1.3.28.1
Apple Inc.
- Apple Mac OS X v10.4.11
- Apple Mac OS X v10.5.2
- Apple Mac OS X Server v10.4.11
- Apple Mac OS X Server v10.5.2
Oracle Corporation
- Oracle HTTP Server 10.1.3.5.0
Sun Microsystems, Inc.
- Sun Solaris 10 (sparc)
- Sun Solaris 10 (x86)
- Sun Solaris 8 (sparc)
- Sun Solaris 8 (x86)
- Sun Solaris 9 (sparc)
- Sun Solaris 9 (x86)
Turbolinux, Inc.
- Turbolinux Appliance Server 1.0 (hosting)
- Turbolinux Appliance Server 1.0 (workgroup)
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Server 10
- Turbolinux Server 10 (x64)
- Turbolinux Server 11
- Turbolinux Server 11 (x64)
- Turbolinux Server 8
Hewlett-Packard Development Company, L.P
- HP-UX 11.11
- HP-UX 11.23
- HP-UX 11.31
MIRACLE LINUX CORPORATION
- Asianux Server 3 (x86)
- Asianux Server 3 (x86-64)
- Asianux Server 2.0
- Asianux Server 2.1
- Asianux Server 3.0
- Asianux Server 3.0 (x86-64)
- Asianux Server 4.0
- Asianux Server 4.0 (x86-64)
Red Hat, Inc.
- Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
- Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
- Red Hat Enterprise Linux 5 (server)
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Enterprise Linux Desktop 3.0
- Red Hat Enterprise Linux Desktop 4.0
- Red Hat Enterprise Linux Desktop 5.0 (client)
- Red Hat Linux Advanced Workstation 2.1
- RHEL Desktop Workstation 5 (client)
NEC Corporation
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Light Version 6
- Cosminexus Developer Version 5
- Cosminexus Server Standard Edition Version 4
- Cosminexus Server Web Edition Version 4
- Cosminexus Server Enterprise Edition
- Cosminexus Server Standard Edition
- Cosminexus Server Web Edition
- Hitachi Web Server
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Standard
- uCosminexus Developer Light
- uCosminexus Service Platform
- uCosminexus Service Architect
FUJITSU
- Interstage Application Framework Suite
- Interstage Application Server
- Interstage Apworks
- Interstage Business Application Server
- Interstage Job Workload Server
- Interstage Studio
- Interstage Web Server
- Systemwalker Resource Coordinator
|
|
|
An arbitrary script can be executed on the user's web browser.
|
|
[Apply the Patch]
Apply the appropriate patches according to the information provided by the vendors.
[Workarounds]
Use client-side image mapping instead of server-side image mapping.
|
|
Apache Software Foundation
IBM Corporation
Apple Inc.
Oracle Corporation
Sun Microsystems, Inc.
- Sun Alert Notification : 233623
Turbolinux, Inc.
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
- Asianux Technical Support Network : httpd-2.2.3-11.3.1AX (Japanese)
- MIRACLE LINUX Update Information : 1205 (Japanese)
- MIRACLE LINUX Update Information : 1224 (Japanese)
- MIRACLE LINUX Update Information : 1221 (Japanese)
Red Hat, Inc.
NEC Corporation
- NEC Security Information : NV07-013 (Japanese)
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS07-042
FUJITSU
|
|
- Cross-site Scripting(CWE-79) [NVD Evaluation]
|
|
- CVE-2007-5000
|
|
- JVN : JVN#80057925
- National Vulnerability Database (NVD) : CVE-2007-5000
- Secunia Advisory : SA28046
- Secunia Advisory : SA28073
- FrSIRT Advisories : FrSIRT/ADV-2007-4201
- FrSIRT Advisories : FrSIRT/ADV-2007-4202
|
|
- [2008/05/21]
Web page published
[2008/06/09]
Affected Products : Added Apple Inc (Security Update 2008-002).
Affected Products : Sun Microsystems, Inc (233623).
Affected Products : Added IBM Corporation (4019245).
Vendor Information : Added Apple Inc (Security Update 2008-002).
Vendor Information : Added Sun Microsystems, Inc (233623).
Vendor Information : Added IBM Corporation.
7005198
7007033
4019245
PK65782
[2008/06/18]
Vendor Information : Added Apple Inc (Security Update 2008-002).
[2009/08/10]
Affected Products : Updated NEC Corporation (NV07-013).
[2013/07/18]
Affected Products : Product of Oracle was added.
Vendor Information : Contents of Oracle were added.
|
