4.3

CVE-2007-5000

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 1.3.0 <= 1.3.39
ApacheHTTP Server Version >= 2.0.35 <= 2.0.61
ApacheHTTP Server Version >= 2.2.0 <= 2.2.6
FedoraprojectFedora Version7
FedoraprojectFedora Version8
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
OpensuseOpensuse Version10.2
OpensuseOpensuse Version10.3
SuseLinux Enterprise Server Version10 Updatesp1
OracleHTTP Server Version10.1.3.5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 46.6% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Third Party Advisory
Issue Tracking
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
http://docs.info.apple.com/article.html?artnum=307562
Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Third Party Advisory
Broken Link
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Permissions Required
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
Third Party Advisory
Broken Link
Mailing List
http://secunia.com/advisories/29420
Broken Link
http://secunia.com/advisories/30430
Broken Link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2008/1697
Permissions Required
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/28749
Broken Link
http://secunia.com/advisories/29640
Broken Link
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
Broken Link
http://secunia.com/advisories/28750
Broken Link
http://www.vupen.com/english/advisories/2008/0398
Permissions Required
http://httpd.apache.org/security/vulnerabilities_22.html
Vendor Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://httpd.apache.org/security/vulnerabilities_13.html
Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_20.html
Vendor Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Third Party Advisory
VDB Entry
http://secunia.com/advisories/28467
Broken Link
http://secunia.com/advisories/28922
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0005.html
Third Party Advisory
http://secunia.com/advisories/28471
Broken Link
http://secunia.com/advisories/28607
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0004.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0006.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0008.html
Third Party Advisory
http://secunia.com/advisories/28196
Broken Link
http://secunia.com/advisories/30356
Broken Link
http://secunia.com/advisories/30732
Broken Link
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
Third Party Advisory
http://www.vupen.com/english/advisories/2007/4301
Permissions Required
http://www.vupen.com/english/advisories/2008/1623/references
Permissions Required
http://www.vupen.com/english/advisories/2008/1875/references
Permissions Required
http://secunia.com/advisories/28046
Vendor Advisory
Broken Link
http://secunia.com/advisories/28073
Vendor Advisory
Broken Link
http://secunia.com/advisories/28081
Broken Link
http://secunia.com/advisories/28375
Broken Link
http://secunia.com/advisories/28525
Broken Link
http://secunia.com/advisories/28526
Broken Link
http://secunia.com/advisories/28977
Broken Link
http://secunia.com/advisories/29806
Broken Link
http://secunia.com/advisories/29988
Broken Link
http://secunia.com/advisories/31142
Broken Link
http://secunia.com/advisories/32800
Broken Link
http://securitytracker.com/id?1019093
Third Party Advisory
Broken Link
VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
Broken Link
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
Broken Link
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
Broken Link
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
Broken Link
http://www.osvdb.org/39134
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0007.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0009.html
Third Party Advisory
http://www.securityfocus.com/archive/1/494428/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/498523/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/26838
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/4201
Permissions Required
http://www.vupen.com/english/advisories/2007/4202
Permissions Required
http://www.vupen.com/english/advisories/2008/0084
Permissions Required
http://www.vupen.com/english/advisories/2008/0178
Permissions Required
http://www.vupen.com/english/advisories/2008/0809/references
Permissions Required
http://www.vupen.com/english/advisories/2008/1224/references
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
Third Party Advisory