|
|
Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
|
Bugtraq ID:
|
26838
|
|
Class:
|
Input Validation Error
|
|
CVE:
|
CVE-2007-5000
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Dec 12 2007 12:00AM
|
|
Updated:
|
May 06 2008 11:15PM
|
|
Credit:
|
The vendor disclosed this issue.
|
|
Vulnerable:
|
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 11 x64
Turbolinux Turbolinux Server 11
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux FUJI
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
TransSoft Broker FTP Server 8.0
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8
Sun Solaris 10_x86
Sun Solaris 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 11.0
S.u.S.E. SUSE Linux Enterprise Server 10 SP1
S.u.S.E. SLE SDK 10.SP1
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
RedHat Fedora 8 0
RedHat Fedora 7 0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Application Stack v1 for Enterprise Linux ES 4
RedHat Application Stack v1 for Enterprise Linux AS 4
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
IBM HTTP Server 6.1 .15
IBM HTTP Server 6.0.2 .27
IBM HTTP Server 1.3.28 .1
IBM HTTP Server 6.1.0.13
IBM HTTP Server 6.1.0.1
IBM HTTP Server 6.1.0
IBM HTTP Server 6.0.2.23
IBM HTTP Server 6.0.2.19
IBM HTTP Server 6.0.2.13
IBM HTTP Server 6.0.2.12
IBM HTTP Server 6.0.2.12
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Job Workload Server 8.1
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0
Fujitsu INTERSTAGE Apworks Standard-J Edition 8.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Apworks Enterprise Edition 8.0
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu INTERSTAGE Application Server Plus Developer 5.0.1
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 5.0.1
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya SES 3.1.2
Avaya SES 3.1.1
Avaya SES 4.0
Avaya Messaging Storage Server MSS 3.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Meeting Exchange 5.0
Avaya Intuity AUDIX LX 2.0
Avaya Communication Manager 5.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
Avaya Communication Manager 3.0
Avaya CCS 3.1.2
Avaya CCS 3.1.1
Avaya CCS 4.0
Avaya CCS 3.1
Avaya AES 4.0.1
Avaya AES 3.1.4
Avaya AES 3.1.3
Avaya AES 4.0
Avaya AES 3.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2 .0
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 2.0.58
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
Apache Software Foundation Apache 2.0.48
+
MandrakeSoft Linux Mandrake 10.0 AMD64
+
MandrakeSoft Linux Mandrake 10.0
+
S.u.S.E. Linux 8.1
+
S.u.S.E. Linux Personal 9.0 x86_64
+
S.u.S.E. Linux Personal 9.0
+
S.u.S.E. Linux Personal 8.2
+
Trustix Secure Linux 2.1
+
Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+
RedHat Linux 9.0 i386
+
RedHat Linux 8.0
+
Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.39
Apache Software Foundation Apache 1.3.37
Apache Software Foundation Apache 1.3.36
Apache Software Foundation Apache 1.3.35
Apache Software Foundation Apache 1.3.34
Apache Software Foundation Apache 1.3.33
Apache Software Foundation Apache 1.3.32
+
Gentoo Linux 1.4
+
Gentoo Linux
Apache Software Foundation Apache 1.3.31
+
OpenPKG OpenPKG Current
Apache Software Foundation Apache 1.3.29
+
Apple Mac OS X 10.3.5
+
Apple Mac OS X 10.2.7
+
Apple Mac OS X Server 10.3.5
+
Apple Mac OS X Server 10.2.7
+
MandrakeSoft Linux Mandrake 10.0 AMD64
+
MandrakeSoft Linux Mandrake 10.0
+
OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+
Conectiva Linux 8.0
+
MandrakeSoft Linux Mandrake 9.2 amd64
+
MandrakeSoft Linux Mandrake 9.2
+
OpenBSD OpenBSD 3.4
+
OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+
HP HP-UX (VVOS) 11.0 4
+
HP VirtualVault 4.6
+
HP VirtualVault 4.5
+
HP Webproxy 2.0
+
Immunix Immunix OS 7+
+
MandrakeSoft Linux Mandrake 9.1 ppc
+
MandrakeSoft Linux Mandrake 9.1
+
OpenBSD OpenBSD 3.3
+
OpenPKG OpenPKG Current
+
RedHat Enterprise Linux AS 2.1 IA64
+
RedHat Enterprise Linux AS 2.1
+
RedHat Enterprise Linux ES 2.1 IA64
+
RedHat Enterprise Linux ES 2.1
+
RedHat Enterprise Linux WS 2.1 IA64
+
RedHat Enterprise Linux WS 2.1
+
RedHat Linux Advanced Work Station 2.1
+
SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+
Conectiva Linux 8.0
+
Conectiva Linux 7.0
+
Conectiva Linux 6.0
+
Debian Linux 3.0 sparc
+
Debian Linux 3.0 s/390
+
Debian Linux 3.0 ppc
+
Debian Linux 3.0 mipsel
+
Debian Linux 3.0 mips
+
Debian Linux 3.0 m68k
+
Debian Linux 3.0 ia-64
+
Debian Linux 3.0 ia-32
+
Debian Linux 3.0 hppa
+
Debian Linux 3.0 arm
+
Debian Linux 3.0 alpha
+
MandrakeSoft Corporate Server 2.1 x86_64
+
MandrakeSoft Corporate Server 2.1
+
MandrakeSoft Linux Mandrake 9.0
+
OpenPKG OpenPKG 1.1
+
Trustix Secure Linux 1.5
+
Trustix Secure Linux 1.2
+
Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
-
HP HP-UX 11.22
-
HP HP-UX 11.20
+
MandrakeSoft Single Network Firewall 7.2
+
S.u.S.E. Linux 7.3 sparc
+
S.u.S.E. Linux 7.3 ppc
+
S.u.S.E. Linux 7.3 i386
+
S.u.S.E. Linux 7.3
+
SGI IRIX 6.5.18
+
SGI IRIX 6.5.17
+
SGI IRIX 6.5.16
+
SGI IRIX 6.5.15
+
SGI IRIX 6.5.14 m
+
SGI IRIX 6.5.14 f
+
SGI IRIX 6.5.14
+
SGI IRIX 6.5.13 m
+
SGI IRIX 6.5.13 f
+
SGI IRIX 6.5.13
+
SGI IRIX 6.5.12 m
+
SGI IRIX 6.5.12 f
+
SGI IRIX 6.5.12
+
Slackware Linux 8.0
+
Sun Cobalt Control Station 4100CS
+
Sun Cobalt RaQ 550
+
Sun Solaris 9_x86 Update 2
+
Sun Solaris 9_x86
+
Sun Solaris 9
+
Sun SunOS 5.9 _x86
+
Sun SunOS 5.9
Apache Software Foundation Apache 1.3.19
-
Apple Mac OS X 10.0.3
-
Caldera OpenLinux 2.4
+
Debian Linux 2.3
-
Digital (Compaq) TRU64/DIGITAL UNIX 5.0
-
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
-
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
+
EnGarde Secure Linux 1.0.1
-
FreeBSD FreeBSD 4.2
-
FreeBSD FreeBSD 3.5.1
-
HP HP-UX 11.11
-
HP HP-UX 11.0 4
-
HP HP-UX 11.0
-
HP HP-UX 10.20
+
HP Secure OS software for Linux 1.0
-
HP VirtualVault 4.5
+
MandrakeSoft Linux Mandrake 8.1
-
MandrakeSoft Linux Mandrake 8.0
-
MandrakeSoft Linux Mandrake 7.2
-
MandrakeSoft Linux Mandrake 7.1
-
NetBSD NetBSD 1.5.1
-
NetBSD NetBSD 1.5
+
OpenBSD OpenBSD 2.9
-
OpenBSD OpenBSD 2.8
+
OpenBSD OpenBSD 3.0
-
RedHat Linux 7.1
-
RedHat Linux 7.0
-
RedHat Linux 6.2
+
S.u.S.E. Linux 7.2 i386
+
S.u.S.E. Linux 7.2
+
S.u.S.E. Linux 7.1 x86
+
S.u.S.E. Linux 7.1 sparc
+
S.u.S.E. Linux 7.1 ppc
+
S.u.S.E. Linux 7.1 alpha
+
S.u.S.E. Linux 7.1
+
S.u.S.E. Linux 7.0 sparc
+
S.u.S.E. Linux 7.0 ppc
+
S.u.S.E. Linux 7.0 i386
+
S.u.S.E. Linux 7.0 alpha
+
S.u.S.E. Linux 7.0
+
S.u.S.E. Linux 6.4 ppc
+
S.u.S.E. Linux 6.4 i386
+
S.u.S.E. Linux 6.4 alpha
+
S.u.S.E. Linux 6.4
-
SCO eDesktop 2.4
-
SCO eServer 2.3.1
-
SGI IRIX 6.5.9
-
SGI IRIX 6.5.8
-
Sun Solaris 8
-
Sun Solaris 7.0
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
Apache Software Foundation Apache 1.3.12
+
NetScreen NetScreen-Global PRO Express Policy Manager Server
+
NetScreen NetScreen-Global PRO Policy Manager Server
+
OpenBSD OpenBSD 2.8
+
RedHat Linux 7.0 i386
+
RedHat Linux 7.0 alpha
+
RedHat Linux 6.2 sparc
+
RedHat Linux 6.2 i386
+
RedHat Linux 6.2 alpha
+
S.u.S.E. Linux 7.0 sparc
+
S.u.S.E. Linux 7.0
+
Sun Cobalt ManageRaQ v2 3599BD
+
Sun Cobalt Qube3 4000WG
+
Sun Cobalt RaQ XTR 3500R
+
Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
Apache Software Foundation Apache 1.3.3
+
RedHat Linux 5.2 sparc
+
RedHat Linux 5.2 i386
+
RedHat Linux 5.2 alpha
Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
Apache Software Foundation Apache 2.0.61-dev
Apache Software Foundation Apache 2.0.60-dev
|
|
|
|
Not Vulnerable:
|
Apache Software Foundation Apache 2.2.7-dev
Apache Software Foundation Apache 2.0.62-dev
Apache Software Foundation Apache 1.3.40-dev
|
|
|
