4.3
CVE-2007-5000
- EPSS 46.6%
- Veröffentlicht 13.12.2007 18:46:00
- Zuletzt bearbeitet 16.06.2026 22:45:15
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 1.3.0 <= 1.3.39
Apache ≫ HTTP Server Version >= 2.0.35 <= 2.0.61
Apache ≫ HTTP Server Version >= 2.2.0 <= 2.2.6
Fedoraproject ≫ Fedora Version7
Fedoraproject ≫ Fedora Version8
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version6.10
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Suse ≫ Linux Enterprise Desktop Version9
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp1
Oracle ≫ HTTP Server Version10.1.3.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 46.6% | 0.987 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://www.redhat.com/support/errata/RHSA-2008-0261.html
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://secunia.com/advisories/29420
http://secunia.com/advisories/30430
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://www.ubuntu.com/usn/usn-575-1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://secunia.com/advisories/28750
http://www.vupen.com/english/advisories/2008/0398
http://httpd.apache.org/security/vulnerabilities_22.html
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://httpd.apache.org/security/vulnerabilities_13.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://secunia.com/advisories/28467
http://secunia.com/advisories/28922
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://secunia.com/advisories/28471
http://secunia.com/advisories/28607
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://secunia.com/advisories/28196
http://secunia.com/advisories/30356
http://secunia.com/advisories/30732
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1875/references
http://secunia.com/advisories/28046
http://secunia.com/advisories/28073
http://secunia.com/advisories/28081
http://secunia.com/advisories/28375
http://secunia.com/advisories/28525
http://secunia.com/advisories/28526
http://secunia.com/advisories/28977
http://secunia.com/advisories/29806
http://secunia.com/advisories/29988
http://secunia.com/advisories/31142
http://secunia.com/advisories/32800
http://securitytracker.com/id?1019093
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.osvdb.org/39134
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.securityfocus.com/archive/1/494428/100/0/threaded
http://www.securityfocus.com/archive/1/498523/100/0/threaded
http://www.securityfocus.com/bid/26838
http://www.vupen.com/english/advisories/2007/4201
http://www.vupen.com/english/advisories/2007/4202
http://www.vupen.com/english/advisories/2008/0084
http://www.vupen.com/english/advisories/2008/0178
http://www.vupen.com/english/advisories/2008/0809/references
http://www.vupen.com/english/advisories/2008/1224/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html