- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200602-03 (Apache: Multiple vulnerabilities)
Apache's mod_imap fails to properly sanitize the 'Referer' directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if the site uses a custom 'Error 400' document. These vulnerabilities were reported by Marc Cox and Hartmut Keil, respectively.
Impact :
A remote attacker could exploit mod_imap to inject arbitrary HTML or JavaScript into a user's browser to gather sensitive information.
Attackers could also cause a Denial of Service on hosts using the SSL module (Apache 2.0.x only).
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top