JVNDB-2005-000727

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2014-05-22 18:03
Severity ?
() - -
Summary
mod_imap cross-site scripting vulnerability
Details
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
References
Impacted products
Apache Software Foundation Apache HTTP Server
Hitachi, Ltd Cosminexus Application Server Enterprise
Hitachi, Ltd Cosminexus Application Server Standard
Hitachi, Ltd Cosminexus Application Server Version 5
Hitachi, Ltd Cosminexus Developer Light Version 6
Hitachi, Ltd Cosminexus Developer Professional Version 6
Hitachi, Ltd Cosminexus Developer Standard Version 6
Hitachi, Ltd Cosminexus Developer Version 5
Hitachi, Ltd Cosminexus Server - Enterprise Edition
Hitachi, Ltd Cosminexus Server - Standard Edition
Hitachi, Ltd Cosminexus Server - Standard Edition Version 4
Hitachi, Ltd Cosminexus Server - Web Edition
Hitachi, Ltd Cosminexus Server - Web Edition Version 4
Hitachi, Ltd Hitachi Web Server
Hitachi, Ltd uCosminexus Application Server Enterprise
Hitachi, Ltd uCosminexus Application Server Smart Edition
Hitachi, Ltd uCosminexus Application Server Standard
Hitachi, Ltd uCosminexus Developer
Hitachi, Ltd uCosminexus Developer Light
Hitachi, Ltd uCosminexus Developer Standard
Hitachi, Ltd uCosminexus Service Architect
Hitachi, Ltd uCosminexus Service Platform
IBM Corporation IBM HTTP Server
Oracle Corporation Oracle HTTP Server
Apple Inc. Apple Mac OS X
Apple Inc. Apple Mac OS X Server
Hewlett-Packard Development Company,L.P HP-UX
Cybertrust Japan Co., Ltd. Asianux Server
Red Hat, Inc. Red Hat Enterprise Linux
Red Hat, Inc. Red Hat Linux Advanced Workstation
Sun Microsystems, Inc. Sun Solaris
Turbolinux, Inc. Turbolinux
Turbolinux, Inc. Turbolinux Desktop
Turbolinux, Inc. Turbolinux FUJI
Turbolinux, Inc. Turbolinux Home
Turbolinux, Inc. Turbolinux Multimedia
Turbolinux, Inc. Turbolinux Personal
Turbolinux, Inc. Turbolinux Server
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ibm:http_server",
      "@product": "IBM HTTP Server",
      "@vendor": "IBM Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:oracle:http_server",
      "@product": "Oracle HTTP Server",
      "@vendor": "Oracle Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000727",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06045169/index.html",
      "@id": "JVN#06045169",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
      "@id": "TRTA08-079A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
      "@id": "SA08-079A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
      "@id": "TA08-079A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15834",
      "@id": "15834",
      "@source": "BID"
    }
  ],
  "title": "mod_imap cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.