39134 : Apache mod_imagemap Module Imagemap Unspecified XSS
Printer | http://osvdb.org/39134 | Email This | Edit Vulnerability

Views This Week

5

Views All Time

157

Info

Last Modified

15 days ago

Percent Complete

20%

Disclosure

Dec 12, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 20% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
OSVDB: Web Related

Products

Unknown or Incomplete

References

FrSIRT Advisory: ADV-2007-4201 ADV-2007-4202 ADV-2007-4301
Bugtraq ID: 26838
Vendor Specific News/Changelog Entry: http://httpd.apache.org/security/vulnerabilities_13.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
Other Advisory URL: HPSBUX02308 SSRT080010: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware- ......
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233623-1
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200 ......
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:016
http://www.ubuntu.com/usn/usn-575-1
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.ht ......
https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.Readme.ht ......
ISS X-Force ID: 39001 39002
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=307562
http://support.apple.com/kb/HT1897
http://www.hitachi-support.com/security_e/vuls_e/HS07-042_e/index-e.html
Secunia Advisory ID: 28046 28073 28081 28082 28196 28375 28467 28471 28525 28526 28607 28749 28750 28922 28977 29420 29640 29806 29988 30356 30430 30732
CVE ID: 2007-5000 (see also: NVD)
Vendor Specific Solution URL: ftp://ftp.software.ibm.com/software/websphere/ihs/support/fixes/PK65782/
Security Tracker: 1019093

Tools & Filters

Nessus	29974 29975 30184 31099 31100 31118 31407 31766 31768
Snort	13302

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

User Status

Account
- Login
- Sign-Up

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use