Published: 2007/12/13 Last Updated: 2015/10/21
JVN#80057925
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Overview
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
Products Affected
- Apache HTTP Server 2.2.6 and earlier
- Apache HTTP Server 2.0.61 and earlier
- Apache HTTP Server 1.3.39 and earlier
Description
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
Impact
An arbitrary script can be executed on the user's web browser.
Solution
Apply the Patch
Apply the appropriate patches according to the information provided by the vendors.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
Canon Inc. | Not Vulnerable | 2008/08/20 | |
centurysys | Not Vulnerable, investigating | 2007/12/13 | |
FUJITSU LIMITED | Vulnerable | 2015/10/13 | |
hitachi | Vulnerable | 2007/12/13 | |
NEC Corporation | Vulnerable | 2009/07/08 | |

Vendor | Link |
---|---|
The Apache Software Foundation | Apache 2.2 Security Vulnerabilities CVE-2007-5000 |
 | Apache 2.0 Security Vulnerabilities CVE-2007-5000 |
 | Apache 1.3 Security Vulnerabilities CVE-2007-5000 |
Apache HTTP SERVER PROJECT |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
HIRT (Hitachi Incident Response Team) reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2007-5000 |
JVN iPedia | JVNDB-2007-000819 |
Update History
- 2008/05/21
  - JVN English site opened and the first English advisory of this issue was published.
- 2008/08/20
  - Canon Inc. updated its status under the section "Vendor Status".
- 2014/10/27
  - FUJITSU LIMITED updated its status.
- 2015/10/21
  - FUJITSU LIMITED updated its status.