From 0bd04ca34aeca830c54303689043311d0f3225a1 Mon Sep 17 00:00:00 2001 From: remko Date: Sun, 1 Jan 2006 21:40:15 +0000 Subject: Document apache -- mod_imap cross-site scripting flaw. I expanded the diff from the PR a bit to denote other affected apache ports as well. Therefor mistakes in that should be redirected to me. Also bump the copyright year for the vuxml file. PR: ports/91157 (based on) Submitted by: KOMATSU Shinichiro --- security/vuxml/vuln.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 68 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 40d9f2997592..eb53d5504f71 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -1,7 +1,7 @@ + + apache -- mod_imap cross-site scripting flaw + + + apache + 1.31.3.34_3 + 2.0.352.0.55_2 + 2.12.1.9_3 + 2.22.2.0_3 + + + apache+mod_perl + 1.3.34_1 + + + apache_fp + apache+ipv6 + ru-apache + ru-apache+mod_ssl + 0 + + + apache+ssl + 1.3.01.3.33.1.55_2 + + + apache+mod_ssl + apache+mod_ssl+ipv6 + apache+mod_ssl+mod_accel + apache+mod_ssl+mod_accel+ipv6 + apache+mod_ssl+mod_accel+mod_deflate + apache+mod_ssl+mod_accel+mod_deflate+ipv6 + apache+mod_ssl+mod_deflate + apache+mod_ssl+mod_deflate+ipv6 + apache+mod_ssl+mod_snmp + apache+mod_ssl+mod_snmp+mod_accel + apache+mod_ssl+mod_snmp+mod_accel+ipv6 + apache+mod_ssl+mod_snmp+mod_deflate + apache+mod_ssl+mod_snmp+mod_deflate+ipv6 + apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 + 1.3.34+2.8.25_1 + + + + +

The Apache HTTP Server Project reports:

+
A flaw in mod_imap when using the Referer directive with + image maps. In certain site configurations a remote + attacker could perform a cross-site scripting attack if a + victim can be forced to visit a malicious URL using + certain web browsers.
+

+ + + + CVE-2005-3352 + 15834 + http://www.apacheweek.com/features/security-13 + http://www.apacheweek.com/features/security-20 + + + 2005-11-01 + 2006-01-01 + + + nbd-server -- buffer overflow vulnerability -- cgit