Bug#373803: apache: Cross-site scripting (XSS) vulnerability in the mod_imap -- patched in upstream 1.3.35
Package: apache
Version: 1.3.34-2
Severity: normal
Cross-site scripting (XSS) vulnerability in the mod_imap module of
Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev
allows remote attackers to inject arbitrary web script or HTML via the
Referer when using image maps.
See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.dsdt1000.060522
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages apache depends on:
ii apache-common 1.3.34-2 support files for all Apache webse
ii debconf [debconf-2.0] 1.5.1 Debian configuration management sy
ii libc6 2.3.6-13 GNU C Library: Shared libraries
ii libdb4.3 4.3.29-4.1 Berkeley v4.3 Database Libraries [
ii libexpat1 1.95.8-3.2 XML parsing C library - runtime li
ii libmagic1 4.17-1 File type determination library us
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-10 Linux Standard Base 3.1 init scrip
ii mime-support 3.36-1 MIME files 'mime.types' & 'mailcap
ii perl 5.8.8-4 Larry Wall's Practical Extraction
apache recommends no packages.
-- debconf information:
* apache/enable-suexec: false
apache/server-name: localhost
apache/document-root: /var/www
apache/server-port: 80
apache/init: true
apache/server-admin: you@your.address