OpenPKG Security Advisory
OpenPKG-SA-2005.029
Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/
Advisory Id (public): OpenPKG-SA-2005.029
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2005.029
Advisory Published: 2008-08-07 22:04 UTC
Issue Id (internal): OpenPKG-SI-20051214.01
Issue First Created: 2005-12-14
Issue Last Modified: 2006-11-28
Issue Revision: 07
Subject Name: Apache mod_imap
Subject Summary: Apache HTTP Server
Subject Home: http://httpd.apache.org/
Subject Versions: * <= 1.3.34
Vulnerability Id: CVE-2005-3352
Vulnerability Scope: global (not OpenPKG specific)
Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: identity fraud
Description:
According to vendor information [0], a Cross-Site Scripting (XSS)
vulnerability exists in the Apache HTTP server [1]. The flaw exists in
the "mod_imap" extension module and occurs when using the "Referer"
directive with image maps. In certain configurations a remote attacker
could perform an XSS attack if a victim can be forced to visit a
malicious URL using certain web browsers.
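An added configuration check, not part of the advisory or of OpenPKG's tooling: it lists the entries in an image map file that use the `referer` value, to help locate the configurations described above. The map file syntax (`directive value [coordinates] ["menu text"]`) is assumed from the mod_imap documentation, and the sample map is constructed.

```python
import re

# Directives defined for mod_imap map files (assumed from the module documentation).
DIRECTIVES = {"base", "default", "poly", "circle", "rect", "point"}


def find_referer_entries(map_text):
    """Return (line_number, directive) for each map entry whose value is 'referer'."""
    hits = []
    for lineno, raw in enumerate(map_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Drop quoted menu text so a label that merely mentions "referer" is not flagged.
        line = re.sub(r'"[^"]*"', " ", line)
        tokens = line.split()
        if len(tokens) < 2:
            continue  # not a complete "directive value" entry
        # Directive and value are compared case-insensitively in this check.
        directive, value = tokens[0].lower(), tokens[1].lower()
        if directive in DIRECTIVES and value == "referer":
            hits.append((lineno, directive))
    return hits


# Constructed sample map file, not taken from any real site.
SAMPLE_MAP = '''\
# navigation bar
base http://www.example.com/
default referer
rect /docs/ 0,0 100,40 "Docs (referer safe)"
circle Referer 150,20 150,40
point menu 10,10 "back to referer"
'''

if __name__ == "__main__":
    for lineno, directive in find_referer_entries(SAMPLE_MAP):
        print(f"line {lineno}: '{directive}' entry uses the referer value")
```

Entries reported by this check identify image maps to review until the corrected package for the branch is installed.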
References:
[0] http://issues.apache.org/bugzilla/show_bug.cgi?id=37874
[1] http://httpd.apache.org/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
Primary Package Name: apache
Primary Package Home: http://openpkg.org/go/package/apache
Affected Distribution:  Affected Branch:  Affected Package:
OpenPKG Community       2.3-SOLID         apache-1.3.33-2.3.6
OpenPKG Community       2.4-SOLID         apache-1.3.33-2.4.4
OpenPKG Community       2.5-SOLID         apache-1.3.33-2.5.4
OpenPKG Community       CURRENT           apache-1.3.34-20051205
Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Community       2.3-SOLID         apache-1.3.33-2.3.7
OpenPKG Community       2.4-SOLID         apache-1.3.33-2.4.5
OpenPKG Community       2.5-SOLID         apache-1.3.33-2.5.5
OpenPKG Community       CURRENT           apache-1.3.34-20051214