CVE-2007-5000

Apache HTTP Server < 1.3.39 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (96)

[Broken Link] http://docs.info.apple.com/article.html?artnum=307562

[Broken Link] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501

[Vendor Advisory] http://httpd.apache.org/security/vulnerabilities_13.html

[Vendor Advisory] http://httpd.apache.org/security/vulnerabilities_20.html

[Vendor Advisory] http://httpd.apache.org/security/vulnerabilities_22.html

[Broken Link, Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2008//May/msg00001.html

[Broken Link, Mailing List, Third Party Advisory] http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

[Mailing List, Third Party Advisory] http://lists.vmware.com/pipermail/security-announce/2009/000062.html

[Issue Tracking, Third Party Advisory] http://marc.info/?l=bugtraq&m=130497311408250&w=2

[Broken Link, Vendor Advisory] http://secunia.com/advisories/28046

[Broken Link, Vendor Advisory] http://secunia.com/advisories/28073

[Broken Link] http://secunia.com/advisories/28081

[Broken Link] http://secunia.com/advisories/28196

[Broken Link] http://secunia.com/advisories/28375

[Broken Link] http://secunia.com/advisories/28467

[Broken Link] http://secunia.com/advisories/28471

[Broken Link] http://secunia.com/advisories/28525

[Broken Link] http://secunia.com/advisories/28526

[Broken Link] http://secunia.com/advisories/28607

... and 76 more

Scores

EPSS 0.7668

EPSS Percentile 98.9%

Classification

CWE

CWE-79

Status draft

Affected Products (13)

apache/http_server < 1.3.39

fedoraproject/fedora

fedoraproject/fedora

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

opensuse/opensuse

opensuse/opensuse

suse/linux_enterprise_desktop

suse/linux_enterprise_server

suse/linux_enterprise_server

oracle/http_server

Timeline

Published Dec 13, 2007

Tracked Since Feb 18, 2026