CVE-2005-3352

Severity

43%

Complexity

86%

Confidentiality

48%

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Apache Software Foundation

First reported 19 years ago

2005-12-13 20:03:00

Last updated 6 years ago

2018-10-19 15:35:00

Affected Software

Apache Software Foundation Apache HTTP Server 1.3

1.3

Apache Software Foundation Apache HTTP Server 1.3.0

1.3.0

Apache Software Foundation Apache HTTP Server 1.3.1

1.3.1

Apache Software Foundation Apache HTTP Server 1.3.2

1.3.2

Apache Software Foundation Apache HTTP Server 1.3.3

1.3.3

Apache Software Foundation Apache HTTP Server 1.3.4

1.3.4

Apache Software Foundation Apache HTTP Server 1.3.5

1.3.5

Apache Software Foundation Apache HTTP Server 1.3.6

1.3.6

Apache Software Foundation Apache HTTP Server 1.3.7

1.3.7

Apache Software Foundation Apache HTTP Server 1.3.8

1.3.8

Apache Software Foundation Apache HTTP Server 1.3.9

1.3.9

Apache Software Foundation Apache 1.3.10

1.3.10

Apache Software Foundation Apache HTTP Server 1.3.11

1.3.11

Apache Software Foundation Apache HTTP Server 1.3.12

1.3.12

Apache Software Foundation Apache 1.3.13

1.3.13

Apache Software Foundation Apache HTTP Server 1.3.14

1.3.14

Apache Software Foundation Apache 1.3.15

1.3.15

Apache Software Foundation Apache 1.3.16

1.3.16

Apache Software Foundation Apache HTTP Server 1.3.17

1.3.17

Apache Software Foundation Apache HTTP Server 1.3.18

1.3.18

Apache Software Foundation Apache HTTP Server 1.3.19

1.3.19

Apache Software Foundation Apache HTTP Server 1.3.20

1.3.20

Apache Software Foundation Apache HTTP Server 1.3.22

1.3.22

Apache Software Foundation Apache HTTP Server 1.3.23

1.3.23

Apache Software Foundation Apache HTTP Server 1.3.24

1.3.24

Apache Software Foundation Apache HTTP Server 1.3.25

1.3.25

Apache Software Foundation Apache HTTP Server 1.3.26

1.3.26

Apache Software Foundation Apache HTTP Server 1.3.27

1.3.27

Apache Software Foundation Apache HTTP Server 1.3.28

1.3.28

Apache Software Foundation Apache HTTP Server 1.3.29

1.3.29

Apache Software Foundation Apache HTTP Server 1.3.30

1.3.30

Apache Software Foundation Apache HTTP Server 1.3.31

1.3.31

Apache Software Foundation Apache HTTP Server 1.3.32

1.3.32

Apache Software Foundation Apache HTTP Server 2.0

2.0

Apache Software Foundation Apache HTTP Server 2.0.9a

2.0.9

Apache Software Foundation Apache HTTP Server 2.0.28

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.28 Beta

2.0.28

Apache Software Foundation Apache HTTP Server 2.0.32

2.0.32

Apache Software Foundation Apache HTTP Server 2.0.35

2.0.35

Apache Software Foundation Apache HTTP Server 2.0.36

2.0.36

Apache Software Foundation Apache HTTP Server 2.0.37

2.0.37

Apache Software Foundation Apache HTTP Server 2.0.38

2.0.38

Apache Software Foundation Apache HTTP Server 2.0.39

2.0.39

Apache Software Foundation Apache HTTP Server 2.0.40

2.0.40

Apache Software Foundation Apache HTTP Server 2.0.41

2.0.41

Apache Software Foundation Apache HTTP Server 2.0.42

2.0.42

Apache Software Foundation Apache HTTP Server 2.0.43

2.0.43

Apache Software Foundation Apache HTTP Server 2.0.44

2.0.44

Apache Software Foundation Apache HTTP Server 2.0.45

2.0.45

Apache Software Foundation Apache HTTP Server 2.0.46

2.0.46

Apache Software Foundation Apache HTTP Server 2.0.47

2.0.47

Apache Software Foundation Apache HTTP Server 2.0.48

2.0.48

Apache Software Foundation Apache HTTP Server 2.0.49

2.0.49

Apache Software Foundation Apache HTTP Server 2.0.50

2.0.50

Apache Software Foundation Apache HTTP Server 2.0.51

2.0.51

Apache Software Foundation Apache HTTP Server 2.0.52

2.0.52

Apache Software Foundation Apache HTTP Server 2.0.53

2.0.53

Apache Software Foundation Apache HTTP Server 2.0.54

2.0.54

Apache Software Foundation Apache HTTP Server 2.0.55

2.0.55

Apache Software Foundation mod_imap

References

20060101-01-U

http://docs.info.apple.com/article.html?artnum=307562

SSRT071293

http://issues.apache.org/bugzilla/show_bug.cgi?id=37874

APPLE-SA-2008-05-28

APPLE-SA-2008-03-18

SUSE-SR:2007:011

SUSE-SR:2006:004

SSRT090208

RHSA-2006:0159

RHSA-2006:0692

17319

18008

18333

18339

18340

18429

18517

18526

18585

18743

19012

20046

20670

21744

22140

22368

22388

22669

23260

25239

29420

29849

30430

1015344

Patch

SSA:2006-130-01

SSA:2006-129-01

102662

102663

DSA-1167

GLSA-200602-03

SUSE-SA:2006:043

OpenPKG-SA-2005.029

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

FEDORA-2006-052

RHSA-2006:0158

FLSA-2006:175406

HPSBUX02145

SSRT061269

SSRT061265

15834

TSLSA-2005-0074

USN-241-1

TA08-150A

US Government Resource

ADV-2005-2870

ADV-2006-2423

ADV-2006-3995

ADV-2006-4015

ADV-2006-4300

ADV-2006-4868

ADV-2008-0924

ADV-2008-1246

ADV-2008-1697

PK16139

PK25355

MDKSA-2006:007

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:10480

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.