PT-2005-4155 · Apache+2 · Apache Http Server+2

Published: 2005-12-12 · Updated: 2024-06-15 · CVE-2005-3352

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache httpd versions 1.3.x through 1.3.35-dev
Apache httpd 2.0.x versions prior to 2.0.56-dev

Description

A cross-site scripting (XSS) issue exists in the mod_imap module, allowing remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. This can be exploited if a victim is forced to visit a malicious URL using certain web browsers. The issue arises from a flaw in mod_imap when using the Referer directive with image maps.

Recommendations

For Apache httpd versions 1.3.x through 1.3.35-dev, update to version 1.3.35-dev or later. For Apache httpd 2.0.x versions prior to 2.0.56-dev, update to version 2.0.56-dev or later. As a temporary workaround, consider disabling the mod_imap module until a patch is available. Restrict access to image maps to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2005-3352
DSA-1167-1
HPSBUX02164
HPSBUX02172
OPENSUSE-SU-2024:10623-1
RHSA-2006:0159
RHSA-2006_0159
RHSA-2008:0523

Affected Products

Apache Http Server
Hp-Ux
Red Hat