PT-2007-6108 · Apache+1 · Apache Http Server+1

Published

2007-12-11

·

Updated

2024-06-15

·

CVE-2007-5000

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 1.3.0 through 1.3.39 Apache HTTP Server versions 2.0.35 through 2.0.61 Apache HTTP Server versions 2.2.0 through 2.2.6
Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This affects the mod imap and mod imagemap modules in the Apache HTTP Server.
Recommendations For versions 1.3.0 through 1.3.39, consider disabling the mod imap module until a patch is available. For versions 2.0.35 through 2.0.61, consider disabling the mod imap module until a patch is available. For versions 2.2.0 through 2.2.6, consider disabling the mod imagemap module until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2007-5000
HPSBUX02308
OPENSUSE-SU-2024:10623-1
RHSA-2008:0004
RHSA-2008:0005
RHSA-2008:0006
RHSA-2008:0007
RHSA-2008:0008
RHSA-2008:0009
RHSA-2008:0261
RHSA-2008:0263
RHSA-2008:0523
RHSA-2008:0524
RHSA-2008_0006
RHSA-2008_0008
RHSA-2010:0602

Affected Products

Apache Http Server
Red Hat