FreeBSD : apache -- mod_imap XSS flaw (9fff8dc8-7aa7-11da-bf72-00123f589060)

medium Nessus Plugin ID 21487

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Apache HTTP Server Project reports:

A flaw in mod_imap when using the Referer directive with image maps. In certain site configurations a remote attacker could perform a cross-site scripting attack if a victim can be forced to visit a malicious URL using certain web browsers.

Solution

Update the affected packages.

See Also

http://www.apacheweek.com/features/security-13

http://www.apacheweek.com/features/security-20

http://www.nessus.org/u?518ae251

Plugin Details

Severity: Medium

ID: 21487

File Name: freebsd_pkg_9fff8dc87aa711dabf7200123f589060.nasl

Version: 1.19

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache, p-cpe:/a:freebsd:freebsd:apache%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_perl, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_accel%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_accel%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_deflate, p-cpe:/a:freebsd:freebsd:apache%2bmod_ssl%2bmod_snmp%2bmod_deflate%2bipv6, p-cpe:/a:freebsd:freebsd:apache%2bssl, p-cpe:/a:freebsd:freebsd:apache_fp, p-cpe:/a:freebsd:freebsd:ru-apache, p-cpe:/a:freebsd:freebsd:ru-apache%2bmod_ssl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 1/1/2006

Vulnerability Publication Date: 11/1/2005

Reference Information

CVE: CVE-2005-3352

BID: 15834