Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability

Bugtraq ID: 15834
Class: Input Validation Error
CVE: CVE-2005-3352
Remote: Yes
Local: No
Published: Dec 13 2005 12:00AM
Updated: Apr 18 2008 12:29AM
Credit: This issue was disclosed by the vendor.

Vulnerable:
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
RedHat Stronghold for Enterprise Linux 0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Fedora Core3
RedHat Fedora Core2
RedHat Fedora Core1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
mod_ssl mod_ssl 2.8.24
  + Apple Mac OS X 10.2.8
  + Apple Mac OS X Server 10.3.6
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM HTTP Server 2.0.42 .2
IBM HTTP Server 2.0.42 .1
IBM HTTP Server 2.0.42
HP Webproxy A.02.10
  + HP HP-UX B.11.04
HP VirtualVault 4.7
HP System Management Homepage 2.1.5
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 6.41
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.04
HP HP-UX B.11.00
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
  + Debian Linux 3.1 sparc
  + Debian Linux 3.1 s/390
  + Debian Linux 3.1 ppc
  + Debian Linux 3.1 mipsel
  + Debian Linux 3.1 mips
  + Debian Linux 3.1 m68k
  + Debian Linux 3.1 ia-64
  + Debian Linux 3.1 ia-32
  + Debian Linux 3.1 hppa
  + Debian Linux 3.1 arm
  + Debian Linux 3.1 amd64
  + Debian Linux 3.1 alpha
  + Debian Linux 3.1
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
  + MandrakeSoft Linux Mandrake 10.0 AMD64
  + MandrakeSoft Linux Mandrake 10.0
  + S.u.S.E. Linux 8.1
  + S.u.S.E. Linux Personal 9.0 x86_64
  + S.u.S.E. Linux Personal 9.0
  + S.u.S.E. Linux Personal 8.2
  + Trustix Secure Linux 2.1
  + Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.40
  + RedHat Linux 9.0 i386
  + RedHat Linux 8.0
  + Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 1.3.34
Apache Software Foundation Apache 1.3.33
Apache Software Foundation Apache 1.3.32
  + Gentoo Linux 1.4
  + Gentoo Linux
Apache Software Foundation Apache 1.3.31
  + OpenPKG OpenPKG Current
Apache Software Foundation Apache 1.3.29
  + Apple Mac OS X 10.3.5
  + Apple Mac OS X 10.2.7
  + Apple Mac OS X Server 10.3.5
  + Apple Mac OS X Server 10.2.7
  + MandrakeSoft Linux Mandrake 10.0 AMD64
  + MandrakeSoft Linux Mandrake 10.0
  + OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
  + Conectiva Linux 8.0
  + MandrakeSoft Linux Mandrake 9.2 amd64
  + MandrakeSoft Linux Mandrake 9.2
  + OpenBSD OpenBSD 3.4
  + OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
  + HP HP-UX (VVOS) 11.0 4
  + HP VirtualVault 4.6
  + HP VirtualVault 4.5
  + HP Webproxy 2.0
  + Immunix Immunix OS 7+
  + MandrakeSoft Linux Mandrake 9.1 ppc
  + MandrakeSoft Linux Mandrake 9.1
  + OpenBSD OpenBSD 3.3
  + OpenPKG OpenPKG Current
  + RedHat Enterprise Linux AS 2.1 IA64
  + RedHat Enterprise Linux AS 2.1
  + RedHat Enterprise Linux ES 2.1 IA64
  + RedHat Enterprise Linux ES 2.1
  + RedHat Enterprise Linux WS 2.1 IA64
  + RedHat Enterprise Linux WS 2.1
  + RedHat Linux Advanced Work Station 2.1
  + SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
  + Conectiva Linux 8.0
  + Conectiva Linux 7.0
  + Conectiva Linux 6.0
  + Debian Linux 3.0 sparc
  + Debian Linux 3.0 s/390
  + Debian Linux 3.0 ppc
  + Debian Linux 3.0 mipsel
  + Debian Linux 3.0 mips
  + Debian Linux 3.0 m68k
  + Debian Linux 3.0 ia-64
  + Debian Linux 3.0 ia-32
  + Debian Linux 3.0 hppa
  + Debian Linux 3.0 arm
  + Debian Linux 3.0 alpha
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Linux Mandrake 9.0
  + OpenPKG OpenPKG 1.1
  + Trustix Secure Linux 1.5
  + Trustix Secure Linux 1.2
  + Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
  - HP HP-UX 11.22
  - HP HP-UX 11.20
  + MandrakeSoft Single Network Firewall 7.2
  + S.u.S.E. Linux 7.3 sparc
  + S.u.S.E. Linux 7.3 ppc
  + S.u.S.E. Linux 7.3 i386
  + S.u.S.E. Linux 7.3
  + SGI IRIX 6.5.18
  + SGI IRIX 6.5.17
  + SGI IRIX 6.5.16
  + SGI IRIX 6.5.15
  + SGI IRIX 6.5.14 m
  + SGI IRIX 6.5.14 f
  + SGI IRIX 6.5.14
  + SGI IRIX 6.5.13 m
  + SGI IRIX 6.5.13 f
  + SGI IRIX 6.5.13
  + SGI IRIX 6.5.12 m
  + SGI IRIX 6.5.12 f
  + SGI IRIX 6.5.12
  + Slackware Linux 8.0
  + Sun Cobalt Control Station 4100CS
  + Sun Cobalt RaQ 550
  + Sun Solaris 9_x86 Update 2
  + Sun Solaris 9_x86
  + Sun Solaris 9
  + Sun SunOS 5.9 _x86
  + Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
  - Apple Mac OS X 10.0.3
  - Caldera OpenLinux 2.4
  + Debian Linux 2.3
  - Digital (Compaq) TRU64/DIGITAL UNIX 5.0
  - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
  - Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
  + EnGarde Secure Linux 1.0.1
  - FreeBSD FreeBSD 4.2
  - FreeBSD FreeBSD 3.5.1
  - HP HP-UX 11.11
  - HP HP-UX 11.0 4
  - HP HP-UX 11.0
  - HP HP-UX 10.20
  + HP Secure OS software for Linux 1.0
  - HP VirtualVault 4.5
  + MandrakeSoft Linux Mandrake 8.1
  - MandrakeSoft Linux Mandrake 8.0
  - MandrakeSoft Linux Mandrake 7.2
  - MandrakeSoft Linux Mandrake 7.1
  - NetBSD NetBSD 1.5.1
  - NetBSD NetBSD 1.5
  + OpenBSD OpenBSD 2.9
  - OpenBSD OpenBSD 2.8
  + OpenBSD OpenBSD 3.0
  - RedHat Linux 7.1
  - RedHat Linux 7.0
  - RedHat Linux 6.2
  + S.u.S.E. Linux 7.2 i386
  + S.u.S.E. Linux 7.2
  + S.u.S.E. Linux 7.1 x86
  + S.u.S.E. Linux 7.1 sparc
  + S.u.S.E. Linux 7.1 ppc
  + S.u.S.E. Linux 7.1 alpha
  + S.u.S.E. Linux 7.1
  + S.u.S.E. Linux 7.0 sparc
  + S.u.S.E. Linux 7.0 ppc
  + S.u.S.E. Linux 7.0 i386
  + S.u.S.E. Linux 7.0 alpha
  + S.u.S.E. Linux 7.0
  + S.u.S.E. Linux 6.4 ppc
  + S.u.S.E. Linux 6.4 i386
  + S.u.S.E. Linux 6.4 alpha
  + S.u.S.E. Linux 6.4
  - SCO eDesktop 2.4
  - SCO eServer 2.3.1
  - SGI IRIX 6.5.9
  - SGI IRIX 6.5.8
  - Sun Solaris 8
  - Sun Solaris 7.0
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
  + EnGarde Secure Linux 1.0.1
  + MandrakeSoft Linux Mandrake 7.2
  + MandrakeSoft Linux Mandrake 7.1
  - MandrakeSoft Single Network Firewall 7.2
  + SGI IRIX 6.5.11
  + SGI IRIX 6.5.10
  + SGI IRIX 6.5.9
  + SGI IRIX 6.5.8
  + SGI IRIX 6.5.7
  + SGI IRIX 6.5.6
  + SGI IRIX 6.5.5
  + SGI IRIX 6.5.4
  + SGI IRIX 6.5.3
  + SGI IRIX 6.5.2
  + SGI IRIX 6.5.1
  + SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
  + NetScreen NetScreen-Global PRO Express Policy Manager Server
  + NetScreen NetScreen-Global PRO Policy Manager Server
  + OpenBSD OpenBSD 2.8
  + RedHat Linux 7.0 i386
  + RedHat Linux 7.0 alpha
  + RedHat Linux 6.2 sparc
  + RedHat Linux 6.2 i386
  + RedHat Linux 6.2 alpha
  + S.u.S.E. Linux 7.0 sparc
  + S.u.S.E. Linux 7.0
  + Sun Cobalt ManageRaQ v2 3599BD
  + Sun Cobalt Qube3 4000WG
  + Sun Cobalt RaQ XTR 3500R
  + Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
Apache Software Foundation Apache 1.3.3
  + RedHat Linux 5.2 sparc
  + RedHat Linux 5.2 i386
  + RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
  + Apple Mac OS X 10.3.2
  + Apple Mac OS X 10.3.1
  + Apple Mac OS X 10.3
  + Apple Mac OS X 10.2.8
  + Apple Mac OS X 10.2.7
  + Apple Mac OS X 10.2.6
  + Apple Mac OS X 10.2.5
  + Apple Mac OS X 10.2.4
  + Apple Mac OS X 10.2.3
  + Apple Mac OS X 10.2.2
  + Apple Mac OS X 10.2.1
  + Apple Mac OS X 10.2
  + Apple Mac OS X 10.1.5
  + Apple Mac OS X 10.1.4
  + Apple Mac OS X 10.1.3
  + Apple Mac OS X 10.1.2
  + Apple Mac OS X 10.1.1
  + Apple Mac OS X 10.1
  + Apple Mac OS X Server 10.3.2
  + Apple Mac OS X Server 10.3.1
  + Apple Mac OS X Server 10.3
  + Apple Mac OS X Server 10.2.8
  + Apple Mac OS X Server 10.2.7
  + Apple Mac OS X Server 10.2.6
  + Apple Mac OS X Server 10.2.5
  + Apple Mac OS X Server 10.2.4
  + Apple Mac OS X Server 10.2.3
  + Apple Mac OS X Server 10.2.2
  + Apple Mac OS X Server 10.2.1
  + Apple Mac OS X Server 10.2
  + Apple Mac OS X Server 10.1.5
  + Apple Mac OS X Server 10.1.4
  + Apple Mac OS X Server 10.1.3
  + Apple Mac OS X Server 10.1.2
  + Apple Mac OS X Server 10.1.1
  + Apple Mac OS X Server 10.1
  - Microsoft Windows 2000 Professional
  - Microsoft Windows NT 4.0

Not Vulnerable:
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 1.3.35 -dev