FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache -- mod_imap cross-site scripting flaw

Affected packages
1.3 <= apache < 1.3.34_3
2.0.35 <= apache < 2.0.55_2
2.1 <= apache < 2.1.9_3
2.2 <= apache < 2.2.0_3
apache+mod_perl < 1.3.34_1
0 <= apache_fp
apache+ipv6 < 1.3.37
ru-apache < 1.3.34+30.22_1
ru-apache+mod_ssl < 1.3.34+30.22+2.8.25_1
1.3.0 <= apache+ssl < 1.3.33.1.55_2
apache+mod_ssl < 1.3.34+2.8.25_1
apache+mod_ssl+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_accel < 1.3.34+2.8.25_1
apache+mod_ssl+mod_accel+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_accel+mod_deflate < 1.3.34+2.8.25_1
apache+mod_ssl+mod_accel+mod_deflate+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_deflate < 1.3.34+2.8.25_1
apache+mod_ssl+mod_deflate+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp+mod_accel < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp+mod_accel+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp+mod_deflate < 1.3.34+2.8.25_1
apache+mod_ssl+mod_snmp+mod_deflate+ipv6 < 1.3.34+2.8.25_1

Details

VuXML ID 9fff8dc8-7aa7-11da-bf72-00123f589060
Discovery 2005-11-01
Entry 2006-01-01
Modified 2009-01-23

The Apache HTTP Server Project reports:

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.

[source]

References

Bugtraq ID 15834
CVE Name CVE-2005-3352
URL http://www.apacheweek.com/features/security-13
URL http://www.apacheweek.com/features/security-20

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.