Published:2005/12/15  Last Updated:2008/05/21

JVN#06045169
mod_imap cross-site scripting vulnerability

Overview

The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing.
mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.

Products Affected

  • For more information, refer to the vendor's website.

Description

Impact

A remote attacker could execute a malicious script on the web browser of a user who accessed a web page where mod_imap or mod_imagemap is used.

Solution

References

JPCERT/CC Addendum

Credit

hoshikuzu star_dust reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CAN-2005-3352
JVN iPedia JVNDB-2005-000727

Update History