apache -- mod_imap cross-site scripting flaw
Description:
The Apache HTTP Server Project reports:
A flaw in mod_imap when using the Referer directive with
image maps. In certain site configurations a remote
attacker could perform a cross-site scripting attack if a
victim can be forced to visit a malicious URL using
certain web browsers.
References:
Affects:
- apache >=1.3 <1.3.34_3
- apache >=2.0.35 <2.0.55_2
- apache >=2.1 <2.1.9_3
- apache >=2.2 <2.2.0_3
- apache+mod_perl <1.3.34_1
- apache_fp >=0
- apache+ipv6 >=0
- ru-apache <1.3.34+30.22_1
- ru-apache+mod_ssl <1.3.34+30.22+2.8.25_1
- apache+ssl >=1.3.0 <1.3.33.1.55_2
- apache+mod_ssl <1.3.34+2.8.25_1
- apache+mod_ssl+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_accel <1.3.34+2.8.25_1
- apache+mod_ssl+mod_accel+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_accel+mod_deflate <1.3.34+2.8.25_1
- apache+mod_ssl+mod_accel+mod_deflate+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_deflate <1.3.34+2.8.25_1
- apache+mod_ssl+mod_deflate+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp+mod_accel <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp+mod_accel+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp+mod_deflate <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp+mod_deflate+ipv6 <1.3.34+2.8.25_1
- apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 <1.3.34+2.8.25_1
portaudit: apache -- mod_imap cross-site scripting flaw
Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the
database, please contact the
FreeBSD Security Officer. Refer to
"FreeBSD Security
Information" for more information.
Oliver Eikemeier <eik@FreeBSD.org>
