Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability

Bugtraq ID: 26838
Class: Input Validation Error
CVE: CVE-2007-5000
Remote: Yes
Local: No
Published: Dec 12 2007 12:00AM
Updated: Apr 13 2015 09:15PM
Credit: The vendor disclosed this issue.
Vulnerable: VMWare Workstation 6.5.2
VMWare Workstation 6.5.1
VMWare Player 2.5.2
VMWare Player 2.5.1
VMWare ACE 2.5.2
VMWare ACE 2.5.1
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 11 x64
Turbolinux Turbolinux Server 11
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux FUJI
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise SDK 10.SP1
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
Redhat Red Hat Network Satellite Server 5.0
Redhat Network Proxy (for RHEL 4) 5.0
Redhat Fedora 7
Redhat Enterprise Linux WS 4
Redhat Enterprise Linux WS 3
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 4
Redhat Enterprise Linux ES 3
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux AS 4
Redhat Enterprise Linux AS 3
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Redhat Enterprise Linux 5 Server
Redhat Desktop 4.0
Redhat Desktop 3.0
Redhat Certificate Server 7.3
Redhat Application Stack v1 for Enterprise Linux ES 4
Redhat Application Stack v1 for Enterprise Linux AS 4
Redhat Advanced Workstation for the Itanium Processor 2.1 IA64
Redhat Advanced Workstation for the Itanium Processor 2.1
Oracle Oracle HTTP Server 10.1.3.5.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
IBM HTTP Server 6.1 .15
IBM HTTP Server 6.0.2 .27
IBM HTTP Server 6.0.2 .13
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM HTTP Server 1.3.28 .1
IBM HTTP Server 6.1.0.13
IBM HTTP Server 6.1.0.1
IBM HTTP Server 6.1.0
IBM HTTP Server 6.0.2.23
IBM HTTP Server 6.0.2.19
IBM HTTP Server 6.0.2.12
IBM Hardware Management Console (HMC) for pSeries 6.0 R1.3
IBM Hardware Management Console (HMC) for iSeries 6.0 R1.3
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.1-1
HP OpenView Network Node Manager 7.53
HP OpenView Network Node Manager 7.51
HP OpenView Network Node Manager 7.01
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
HP Business Availability Center 8.01
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Job Workload Server 8.1
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
Fujitsu INTERSTAGE Apworks Standard-J Edition 8.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Apworks Enterprise Edition 8.0
Fujitsu iNTERSTAGE Application Server Web-J Edition 5.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu INTERSTAGE Application Server Plus Developer 5.0.1
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 5.0.1
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Meeting Exchange 5.0
Avaya Intuity AUDIX LX 2.0
Avaya Communication Manager 5.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
Avaya Communication Manager 3.0
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
+ Avaya Communication Manager Server S8700
Avaya CCS 3.1.2
Avaya CCS 3.1.1
Avaya CCS 4.0
Avaya CCS 3.1
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 3.1.4
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 4.0
Avaya Aura Application Enablement Services 3.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apache Apache 2.2.6
Apache Apache 2.2.5
Apache Apache 2.2.4
Apache Apache 2.2.3
Apache Apache 2.2.2
Apache Apache 2.2
Apache Apache 2.0.59
Apache Apache 2.0.58
Apache Apache 2.0.56 -dev
Apache Apache 2.0.55
Apache Apache 2.0.54
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Apache Apache 2.0.53
Apache Apache 2.0.52
Apache Apache 2.0.51
Apache Apache 2.0.50
Apache Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Apache 2.0.48
Apache Apache 2.0.47
Apache Apache 2.0.46
Apache Apache 2.0.45
Apache Apache 2.0.44
Apache Apache 2.0.43
Apache Apache 2.0.42
Apache Apache 2.0.41
Apache Apache 2.0.40
+ Redhat Linux 9.0 i386
+ Redhat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Apache 2.0.39
Apache Apache 2.0.38
Apache Apache 2.0.37
Apache Apache 2.0.36
Apache Apache 2.0.35
Apache Apache 2.0.32
Apache Apache 2.0.28 Beta
Apache Apache 2.0.28
Apache Apache 2.0 a9
Apache Apache 2.0
Apache Apache 1.3.39
Apache Apache 1.3.37
Apache Apache 1.3.36
Apache Apache 1.3.34
Apache Apache 1.3.33
Apache Apache 1.3.32
+ Gentoo Linux 1.4
+ Gentoo Linux
Apache Apache 1.3.31
+ OpenPKG OpenPKG Current
Apache Apache 1.3.29
Apache Apache 1.3.28
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
+ OpenPKG OpenPKG 1.3
Apache Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
+ HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
+ OpenPKG OpenPKG Current
+ Redhat Enterprise Linux AS 2.1 IA64
+ Redhat Enterprise Linux AS 2.1
+ Redhat Enterprise Linux ES 2.1 IA64
+ Redhat Enterprise Linux ES 2.1
+ Redhat Enterprise Linux WS 2.1 IA64
+ Redhat Enterprise Linux WS 2.1
+ Redhat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Apache 1.3.26
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Apache 1.3.24
Apache Apache 1.3.22
Apache Apache 1.3.20
Apache Apache 1.3.19
Apache Apache 1.3.17
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenBSD OpenBSD 2.8
+ S.u.S.E. Linux 7.1
Apache Apache 1.3.14
Apache Apache 1.3.12
Apache Apache 1.3.11
Apache Apache 1.3.9
Apache Apache 1.3.6
Apache Apache 1.3.4
Apache Apache 1.3.3
+ Redhat Linux 5.2 sparc
+ Redhat Linux 5.2 i386
+ Redhat Linux 5.2 alpha
Apache Apache 1.3.1
Apache Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
Apache Apache 2.0.61-dev
Apache Apache 2.0.60-dev
Apache Apache 1.3.35
Not Vulnerable: HP OpenVMS Secure Web Server 2.2
Apache Apache 2.0.63
Apache Apache 1.3.41
Apache Apache 2.2.7-dev
Apache Apache 2.0.62-dev
Apache Apache 1.3.40-dev


 

Privacy Statement
Copyright 2010, SecurityFocus