Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3352

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3352
Last Modified 17 Jul 2013 10:37:27
Published 13 Dec 2005 03:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3352

Summary

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Vulnerable Systems

Application

  • Apache Http Server 1.3

  • Apache Http Server 1.3.0

  • Apache Http Server 1.3.1

  • Apache Http Server 1.3.10

  • Apache Http Server 1.3.11

  • Apache Http Server 1.3.12

  • Apache Http Server 1.3.13

  • Apache Http Server 1.3.14

  • Apache Http Server 1.3.15

  • Apache Http Server 1.3.16

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.2

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.27

  • Apache Http Server 1.3.28

  • Apache Http Server 1.3.29

  • Apache Http Server 1.3.3

  • Apache Http Server 1.3.30

  • Apache Http Server 1.3.31

  • Apache Http Server 1.3.32

  • Apache Http Server 1.3.4

  • Apache Http Server 1.3.5

  • Apache Http Server 1.3.6

  • Apache Http Server 1.3.7

  • Apache Http Server 1.3.8

  • Apache Http Server 1.3.9

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.9

  • Apache Mod Imap


References

CERT - TA08-150A

SECTRACK - 1015344

MANDRIVA - MDKSA-2006:007

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-1246

VUPEN - ADV-2008-0924

VUPEN - ADV-2006-4868

VUPEN - ADV-2006-4300

VUPEN - ADV-2006-4015

VUPEN - ADV-2006-3995

VUPEN - ADV-2006-2423

VUPEN - ADV-2005-2870

UBUNTU - USN-241-1

TRUSTIX - TSLSA-2005-0074

BID - 15834

HP - HPSBUX02164

HP - SSRT061269

HP - HPSBUX02145

FEDORA - FLSA-2006:175406

REDHAT - RHSA-2006:0158

FEDORA - FEDORA-2006-052

OPENPKG - OpenPKG-SA-2005.029

GENTOO - GLSA-200602-03

AIXAPAR - PK16139

SECUNIA - 19012

SECUNIA - 18743

SECUNIA - 18585

SECUNIA - 18526

SECUNIA - 18517

SECUNIA - 18429

SECUNIA - 18340

SECUNIA - 18339

SECUNIA - 18333

SECUNIA - 18008

SECUNIA - 17319

REDHAT - RHSA-2006:0159

HP - SSRT090208

HP - HPSBOV02683

SUSE - SUSE-SR:2006:004

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=37874

HP - HPSBMA02328

SGI - 20060101-01-U

SUSE - SUSE-SA:2006:043

DEBIAN - DSA-1167

AIXAPAR - PK25355

SUNALERT - 102663

SUNALERT - 102662

SLACKWARE - SSA:2006-129-01

SLACKWARE - SSA:2006-130-01

SECUNIA - 30430

SECUNIA - 29849

SECUNIA - 29420

SECUNIA - 25239

SECUNIA - 23260

SECUNIA - 22669

SECUNIA - 22388

SECUNIA - 22368

SECUNIA - 22140

SECUNIA - 21744

SECUNIA - 20670

SECUNIA - 20046

REDHAT - RHSA-2006:0692

SUSE - SUSE-SR:2007:011

APPLE - APPLE-SA-2008-03-18

APPLE - APPLE-SA-2008-05-28

HP - SSRT071293

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

HP - SSRT061265

HP - HPSBUX02172

HP - SSRT061202

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)


Last Updated: 27 May 2016 10:38:12