- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200602-03
(Apache: Multiple vulnerabilities)
Apache's mod_imap fails to properly sanitize the 'Referer' directive of
imagemaps in some cases, leaving the HTTP Referer header unescaped. A
flaw in mod_ssl can lead to a NULL pointer dereference if the site uses
a custom 'Error 400' document. These vulnerabilities were reported by
Marc Cox and Hartmut Keil, respectively.
Impact :
A remote attacker could exploit mod_imap to inject arbitrary HTML or
JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL
module (Apache 2.0.x only).
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top