jvndb-2005-000727
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2014-05-22 18:03
Severity ?
() - -
Summary
mod_imap cross-site scripting vulnerability
Details
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
References
Impacted products
Apache Software Foundation Apache HTTP Server
Hitachi, Ltd Cosminexus Application Server Enterprise
Hitachi, Ltd Cosminexus Application Server Standard
Hitachi, Ltd Cosminexus Application Server Version 5
Hitachi, Ltd Cosminexus Developer Light Version 6
Hitachi, Ltd Cosminexus Developer Professional Version 6
Hitachi, Ltd Cosminexus Developer Standard Version 6
Hitachi, Ltd Cosminexus Developer Version 5
Hitachi, Ltd Cosminexus Server - Enterprise Edition
Hitachi, Ltd Cosminexus Server - Standard Edition
Hitachi, Ltd Cosminexus Server - Standard Edition Version 4
Hitachi, Ltd Cosminexus Server - Web Edition
Hitachi, Ltd Cosminexus Server - Web Edition Version 4
Hitachi, Ltd Hitachi Web Server
Hitachi, Ltd uCosminexus Application Server Enterprise
Hitachi, Ltd uCosminexus Application Server Smart Edition
Hitachi, Ltd uCosminexus Application Server Standard
Hitachi, Ltd uCosminexus Developer
Hitachi, Ltd uCosminexus Developer Light
Hitachi, Ltd uCosminexus Developer Standard
Hitachi, Ltd uCosminexus Service Architect
Hitachi, Ltd uCosminexus Service Platform
IBM Corporation IBM HTTP Server
Oracle Corporation Oracle HTTP Server
Apple Inc. Apple Mac OS X
Apple Inc. Apple Mac OS X Server
Hewlett-Packard Development Company,L.P HP-UX
Cybertrust Japan Co., Ltd. Asianux Server
Red Hat, Inc. Red Hat Enterprise Linux
Red Hat, Inc. Red Hat Linux Advanced Workstation
Sun Microsystems, Inc. Sun Solaris
Turbolinux, Inc. Turbolinux
Turbolinux, Inc. Turbolinux Desktop
Turbolinux, Inc. Turbolinux FUJI
Turbolinux, Inc. Turbolinux Home
Turbolinux, Inc. Turbolinux Multimedia
Turbolinux, Inc. Turbolinux Personal
Turbolinux, Inc. Turbolinux Server
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ibm:http_server",
      "@product": "IBM HTTP Server",
      "@vendor": "IBM Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:oracle:http_server",
      "@product": "Oracle HTTP Server",
      "@vendor": "Oracle Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000727",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06045169/index.html",
      "@id": "JVN#06045169",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
      "@id": "TRTA08-079A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
      "@id": "SA08-079A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
      "@id": "TA08-079A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15834",
      "@id": "15834",
      "@source": "BID"
    }
  ],
  "title": "mod_imap cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.