JVN#06045169
mod_imap cross-site scripting vulnerability
Overview
The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.
Products Affected
- For more information, refer to the vendor's website.
Description
Impact
A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used.
Solution
Vendor Status
References
JPCERT/CC Addendum
Credit
hoshikuzu star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CAN-2005-3352 |
| JVN iPedia |
JVNDB-2005-000727 |