National Vulnerability Database (NVD) National Vulnerability Database (CVE-2005-3352)

National Cyber-Alert System

Vulnerability Summary for CVE-2005-3352

Original release date:12/13/2005

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Allows unauthorized modification

Vendor Statments (disclaimer)

Official Statement from Apache (07/02/2008): Fixed in Apache HTTP Server 2.2.2, 2.0.58, and 1.3.35: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-150A

Name: TA08-150A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-150A.html

External Source: SECTRACK

Name: 1015344

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1015344

External Source: MANDRIVA

Name: MDKSA-2006:007

Hyperlink:http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007

External Source: UBUNTU

Name: USN-241-1

Hyperlink:http://www.ubuntulinux.org/usn/usn-241-1

External Source: TRUSTIX

Name: TSLSA-2005-0074

Hyperlink:http://www.trustix.org/errata/2005/0074/

External Source: BID

Name: 15834

Hyperlink:http://www.securityfocus.com/bid/15834

External Source: FEDORA

Name: FLSA-2006:175406

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/425399/100/0/threaded

External Source: REDHAT

Name: RHSA-2006:0158

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0158.html

External Source: FEDORA

Name: FEDORA-2006-052

Hyperlink:http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html

External Source: OPENPKG

Name: OpenPKG-SA-2005.029

Hyperlink:http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt

External Source: GENTOO

Name: GLSA-200602-03

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml

External Source: VUPEN

Name: ADV-2005-2870

Hyperlink:http://www.frsirt.com/english/advisories/2005/2870

External Source: AIXAPAR

Name: PK16139

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only

External Source: SECUNIA

Name: 19012

Hyperlink:http://secunia.com/advisories/19012

External Source: SECUNIA

Name: 18743

Hyperlink:http://secunia.com/advisories/18743

External Source: SECUNIA

Name: 18585

Hyperlink:http://secunia.com/advisories/18585

External Source: SECUNIA

Name: 18526

Hyperlink:http://secunia.com/advisories/18526

External Source: SECUNIA

Name: 18517

Hyperlink:http://secunia.com/advisories/18517

External Source: SECUNIA

Name: 18429

Hyperlink:http://secunia.com/advisories/18429

External Source: SECUNIA

Name: 18340

Hyperlink:http://secunia.com/advisories/18340

External Source: SECUNIA

Name: 18339

Hyperlink:http://secunia.com/advisories/18339

External Source: SECUNIA

Name: 18333

Hyperlink:http://secunia.com/advisories/18333

External Source: SECUNIA

Name: 18008

Hyperlink:http://secunia.com/advisories/18008

External Source: SECUNIA

Name: 17319

Hyperlink:http://secunia.com/advisories/17319

External Source: REDHAT

Name: RHSA-2006:0159

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0159.html

External Source: SUSE

Name: SUSE-SR:2006:004

Hyperlink:http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

External Source: CONFIRM

Name: http://issues.apache.org/bugzilla/show_bug.cgi?id=37874

Hyperlink:http://issues.apache.org/bugzilla/show_bug.cgi?id=37874

External Source: SGI

Name: 20060101-01-U

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

External Source: HP

Name: HPSBUX02164

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/450321/100/0/threaded

External Source: HP

Name: HPSBUX02172

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/450315/100/0/threaded

External Source: HP

Name: HPSBUX02145

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/445206/100/0/threaded

External Source: SUSE

Name: SUSE-SA:2006:043

Hyperlink:http://www.novell.com/linux/security/advisories/2006_43_apache.html

External Source: VUPEN

Name: ADV-2008-1697

Hyperlink:http://www.frsirt.com/english/advisories/2008/1697

External Source: VUPEN

Name: ADV-2008-1246

Hyperlink:http://www.frsirt.com/english/advisories/2008/1246/references

External Source: VUPEN

Name: ADV-2008-0924

Hyperlink:http://www.frsirt.com/english/advisories/2008/0924/references

External Source: VUPEN

Name: ADV-2006-4868

Hyperlink:http://www.frsirt.com/english/advisories/2006/4868

External Source: VUPEN

Name: ADV-2006-4300

Hyperlink:http://www.frsirt.com/english/advisories/2006/4300

External Source: VUPEN

Name: ADV-2006-4015

Hyperlink:http://www.frsirt.com/english/advisories/2006/4015

External Source: VUPEN

Name: ADV-2006-3995

Hyperlink:http://www.frsirt.com/english/advisories/2006/3995

External Source: VUPEN

Name: ADV-2006-2423

Hyperlink:http://www.frsirt.com/english/advisories/2006/2423

External Source: DEBIAN

Name: DSA-1167

Hyperlink:http://www.debian.org/security/2006/dsa-1167

External Source: AIXAPAR

Name: PK25355

Hyperlink:http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only

External Source: SUNALERT

Name: 102663

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1

External Source: SUNALERT

Name: 102662

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1

External Source: SLACKWARE

Name: SSA:2006-129-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483

External Source: SLACKWARE

Name: SSA:2006-130-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158

External Source: SECUNIA

Name: 30430

Hyperlink:http://secunia.com/advisories/30430

External Source: SECUNIA

Name: 29849

Hyperlink:http://secunia.com/advisories/29849

External Source: SECUNIA

Name: 29420

Hyperlink:http://secunia.com/advisories/29420

External Source: SECUNIA

Name: 25239

Hyperlink:http://secunia.com/advisories/25239

External Source: SECUNIA

Name: 23260

Hyperlink:http://secunia.com/advisories/23260

External Source: SECUNIA

Name: 22669

Hyperlink:http://secunia.com/advisories/22669

External Source: SECUNIA

Name: 22388

Hyperlink:http://secunia.com/advisories/22388

External Source: SECUNIA

Name: 22368

Hyperlink:http://secunia.com/advisories/22368

External Source: SECUNIA

Name: 22140

Hyperlink:http://secunia.com/advisories/22140

External Source: SECUNIA

Name: 21744

Hyperlink:http://secunia.com/advisories/21744

External Source: SECUNIA

Name: 20670

Hyperlink:http://secunia.com/advisories/20670

External Source: SECUNIA

Name: 20046

Hyperlink:http://secunia.com/advisories/20046

External Source: REDHAT

Name: RHSA-2006:0692

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0692.html

External Source: SUSE

Name: SUSE-SR:2007:011

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html

External Source: APPLE

Name: APPLE-SA-2008-03-18

Hyperlink:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

External Source: APPLE

Name: APPLE-SA-2008-05-28

Hyperlink:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

External Source: HP

Name: SSRT071293

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=307562

Hyperlink:http://docs.info.apple.com/article.html?artnum=307562

Vulnerable software and versions

Configuration 1

* cpe:/a:apache:http_server:1.3

* cpe:/a:apache:http_server:1.3.0

* cpe:/a:apache:http_server:1.3.1

* cpe:/a:apache:http_server:1.3.10

* cpe:/a:apache:http_server:1.3.11

* cpe:/a:apache:http_server:1.3.11::win32

* cpe:/a:apache:http_server:1.3.12

* cpe:/a:apache:http_server:1.3.12::win32

* cpe:/a:apache:http_server:1.3.13

* cpe:/a:apache:http_server:1.3.13::win32

* cpe:/a:apache:http_server:1.3.14

* cpe:/a:apache:http_server:1.3.14::mac_os

* cpe:/a:apache:http_server:1.3.14::win32

* cpe:/a:apache:http_server:1.3.15

* cpe:/a:apache:http_server:1.3.15::win32

* cpe:/a:apache:http_server:1.3.16

* cpe:/a:apache:http_server:1.3.16::win32

* cpe:/a:apache:http_server:1.3.17

* cpe:/a:apache:http_server:1.3.17::win32

* cpe:/a:apache:http_server:1.3.18

* cpe:/a:apache:http_server:1.3.18::win32

* cpe:/a:apache:http_server:1.3.19

* cpe:/a:apache:http_server:1.3.19::win32

* cpe:/a:apache:http_server:1.3.2

* cpe:/a:apache:http_server:1.3.20

* cpe:/a:apache:http_server:1.3.20::win32

* cpe:/a:apache:http_server:1.3.22

* cpe:/a:apache:http_server:1.3.22::win32

* cpe:/a:apache:http_server:1.3.23

* cpe:/a:apache:http_server:1.3.23::win32

* cpe:/a:apache:http_server:1.3.24

* cpe:/a:apache:http_server:1.3.24::win32

* cpe:/a:apache:http_server:1.3.25

* cpe:/a:apache:http_server:1.3.25::win32

* cpe:/a:apache:http_server:1.3.26

* cpe:/a:apache:http_server:1.3.26::win32

* cpe:/a:apache:http_server:1.3.27

* cpe:/a:apache:http_server:1.3.28

* cpe:/a:apache:http_server:1.3.29

* cpe:/a:apache:http_server:1.3.3

* cpe:/a:apache:http_server:1.3.30

* cpe:/a:apache:http_server:1.3.31

* cpe:/a:apache:http_server:1.3.32

* cpe:/a:apache:http_server:1.3.4

* cpe:/a:apache:http_server:1.3.5

* cpe:/a:apache:http_server:1.3.6

* cpe:/a:apache:http_server:1.3.7

* cpe:/a:apache:http_server:1.3.7::dev

* cpe:/a:apache:http_server:1.3.8

* cpe:/a:apache:http_server:1.3.9

* cpe:/a:apache:http_server:2.0

* cpe:/a:apache:http_server:2.0.28

* cpe:/a:apache:http_server:2.0.28:beta

* cpe:/a:apache:http_server:2.0.28:beta:win32

* cpe:/a:apache:http_server:2.0.32

* cpe:/a:apache:http_server:2.0.32:beta:win32

* cpe:/a:apache:http_server:2.0.34:beta:win32

* cpe:/a:apache:http_server:2.0.35

* cpe:/a:apache:http_server:2.0.36

* cpe:/a:apache:http_server:2.0.37

* cpe:/a:apache:http_server:2.0.38

* cpe:/a:apache:http_server:2.0.39

* cpe:/a:apache:http_server:2.0.40

* cpe:/a:apache:http_server:2.0.41

* cpe:/a:apache:http_server:2.0.42

* cpe:/a:apache:http_server:2.0.43

* cpe:/a:apache:http_server:2.0.44

* cpe:/a:apache:http_server:2.0.45

* cpe:/a:apache:http_server:2.0.46

* cpe:/a:apache:http_server:2.0.47

* cpe:/a:apache:http_server:2.0.48

* cpe:/a:apache:http_server:2.0.49

* cpe:/a:apache:http_server:2.0.50

* cpe:/a:apache:http_server:2.0.51

* cpe:/a:apache:http_server:2.0.52

* cpe:/a:apache:http_server:2.0.53

* cpe:/a:apache:http_server:2.0.54

* cpe:/a:apache:http_server:2.0.55

* cpe:/a:apache:http_server:2.0.9

* cpe:/a:apache:mod_imap

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352