CVE-2005-3352

Apache HTTP Server < 1.3.35 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

References (81)

[Broken Link] ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U

[Broken Link] http://docs.info.apple.com/article.html?artnum=307562

[Broken Link] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449

[Issue Tracking] http://issues.apache.org/bugzilla/show_bug.cgi?id=37874

[Mailing List] http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

[Broken Link] http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html

[Broken Link] http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html

[Mailing List, Third Party Advisory] http://marc.info/?l=bugtraq&m=130497311408250&w=2

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2006-0159.html

[Broken Link] http://rhn.redhat.com/errata/RHSA-2006-0692.html

[Not Applicable, URL Repurposed] http://secunia.com/advisories/17319

[Not Applicable] http://secunia.com/advisories/18008

[Not Applicable] http://secunia.com/advisories/18333

[Not Applicable] http://secunia.com/advisories/18339

[Not Applicable] http://secunia.com/advisories/18340

[Not Applicable] http://secunia.com/advisories/18429

[Not Applicable] http://secunia.com/advisories/18517

[Not Applicable] http://secunia.com/advisories/18526

[Not Applicable] http://secunia.com/advisories/18585

... and 61 more

Scores

EPSS 0.2558

EPSS Percentile 96.1%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

apache/http_server < 1.3.35

apache/http_server

Timeline

Published Dec 13, 2005

Tracked Since Feb 18, 2026