CVE-2007-5000
Apache HTTP Server 1.3.0-1.3.39 and 2.0.35-2.0.61 - Cross-Site Scripting in mod_imap and mod_imagemap
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (96)
Core 96
Core References
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0178
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1623/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/494428/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0924/references
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0084
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4301
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0398
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26838
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0809/references
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0005.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019093
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28922
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/39134
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28749
Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29988
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28375
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28750
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29806
Broken Link vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28046
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28526
Third Party Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0006.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31142
Broken Link vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0007.html
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_20.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0008.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0009.html
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29420
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30430
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28525
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28081
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28467
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_hp
http://www.securityfocus.com/archive/1/498523/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28196
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0004.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28607
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30356
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_13.html
Broken Link vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
Broken Link x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28073
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28471
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4202
Broken Link vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1697
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29640
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32800
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28977
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4201
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1875/references
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30732
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1224/references
Third Party Advisory x_refsource_confirm
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Scores
EPSS
0.7807
EPSS Percentile
99.0%
Details
CWE
CWE-79
Status
published
Products (13)
apache/http_server
1.3.0 - 1.3.39
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
canonical/ubuntu_linux
7.04
canonical/ubuntu_linux
7.10
fedoraproject/fedora
7
fedoraproject/fedora
8
opensuse/opensuse
10.2
opensuse/opensuse
10.3
oracle/http_server
10.1.3.5.0
... and 3 more
Published
Dec 13, 2007
Tracked Since
Feb 18, 2026