JVNDB-2005-000727
|
mod_imap cross-site scripting vulnerability
|
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap contain a cross-site scripting vulnerability: when Referer values are used in an image map, the modules do not handle HTTP_REFERER properly.
|
CVSS V2 Severity: Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
Apache Software Foundation
- Apache HTTP Server 1.3.34 and earlier
- Apache HTTP Server 2.0.55 and earlier
- Apache HTTP Server 2.2.0
IBM Corporation
- IBM HTTP Server 1.3.26.x
- IBM HTTP Server 1.3.28.x
- IBM HTTP Server 2.0.42.x
- IBM HTTP Server 2.0.47.x
- IBM HTTP Server 6.0.x
Apple Inc.
- Apple Mac OS X v10.4.11
- Apple Mac OS X Server v10.4.11
- Apple Mac OS X Server v10.5.2
Oracle Corporation
- Oracle HTTP Server 10.1.3.5.0
Cybertrust Japan Co., Ltd.
- Asianux Server 3.0
- Asianux Server 3.0 (x86-64)
- Asianux Server 4.0
- Asianux Server 4.0 (x86-64)
Sun Microsystems, Inc.
- Sun Solaris 10 (sparc)
- Sun Solaris 10 (x86)
- Sun Solaris 8 (sparc)
- Sun Solaris 8 (x86)
- Sun Solaris 9 (sparc)
- Sun Solaris 9 (x86)
Turbolinux, Inc.
- Turbolinux 10_f
- Turbolinux Desktop 10
- Turbolinux FUJI
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Server 10
- Turbolinux Server 10 (x64)
- Turbolinux Home
Hewlett-Packard Development Company, L.P.
- HP-UX 11.00
- HP-UX 11.04
- HP-UX 11.11
- HP-UX 11.23
Red Hat, Inc.
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Linux Advanced Workstation 2.1
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Light Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Version 5
- Cosminexus Server - Enterprise Edition
- Cosminexus Server - Standard Edition
- Cosminexus Server - Standard Edition Version 4
- Cosminexus Server - Web Edition
- Cosminexus Server - Web Edition Version 4
- Hitachi Web Server
- Hitachi Web Server - Custom Edition
- Hitachi Web Server - Security Enhancement
- Hitachi Web Server for VOS3
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Smart Edition
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus Developer Standard
- uCosminexus Service Architect
- uCosminexus Service Platform
|
Please refer to HS06-022 provided by Hitachi for more details.
|
A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used.
|
|
Apache Software Foundation
- Apache httpd 1.3 vulnerabilities : 1.3.35
- Apache httpd 2.0 vulnerabilities : 2.0.58
- Apache httpd 2.2 vulnerabilities : 2.2.2
- Changes with Apache : 1.3.35
- Changes with Apache : 2.0.58
- Changes with Apache : 2.2.2
IBM Corporation
Apple Inc.
Oracle Corporation
Cybertrust Japan Co., Ltd.
Sun Microsystems, Inc.
- Sun Alert Notification : 102662
- Sun Alert Notification : 102663
Turbolinux, Inc.
Hewlett-Packard Development Company, L.P.
Red Hat, Inc.
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS06-022
|
|
- CVE-2005-3352
|
- JVN : JVN#06045169
- JVN Status Tracking Notes : TRTA08-079A
- JVN Status Tracking Notes : TRTA08-150A
- National Vulnerability Database (NVD) : CVE-2005-3352
- US-CERT Cyber Security Alerts : SA08-079A
- US-CERT Cyber Security Alerts : SA08-150A
- US-CERT Technical Cyber Security Alert : TA08-079A
- US-CERT Technical Cyber Security Alert : TA08-150A
- SecurityFocus : 15834
|
[2008/05/21]
Web page published
[2008/06/06]
Affected Products : Added Apple Inc (Security Update 2008-002)
Vendor Information : Added Apple Inc (Security Update 2008-002)
[2008/06/17]
Vendor Information : Added Apple Inc (Security Update 2008-003)
[2013/07/18]
Affected Products : Product of Oracle was added
Vendor Information : Contents of Oracle were added
[2014/05/22]
Affected Products : Products were added
Vendor Information : Content was added
|