Upstream information

CVE-2005-3352 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
SUSE Bugzilla entries: 138083 [RESOLVED / FIXED], 142507 [RESOLVED / DUPLICATE]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 9.1 for IA32
SUSE LINUX 9.1 for x86-64
  • apache2 >= 2.0.49-27.45
  • apache2-devel >= 2.0.49-27.45
  • apache2-prefork >= 2.0.49-27.45
  • apache2-worker >= 2.0.49-27.45
  • libapr0 >= 2.0.49-27.45
SUSE LINUX 9.2
  • apache2 >= 2.0.50-7.12
  • apache2-devel >= 2.0.50-7.12
  • apache2-prefork >= 2.0.50-7.12
  • apache2-worker >= 2.0.50-7.12
  • libapr0 >= 2.0.50-7.12
SUSE LINUX 9.3
  • apache2 >= 2.0.53-9.10
  • apache2-devel >= 2.0.53-9.10
  • apache2-prefork >= 2.0.53-9.10
  • apache2-worker >= 2.0.53-9.10
  • libapr0 >= 2.0.53-9.10
Open Enterprise Server
  • apache2 >= 2.0.49-27.45
  • apache2-prefork >= 2.0.49-27.45
  • apache2-worker >= 2.0.49-27.45
core9.x86-64
core9.s390
core9.ppc
core9.ia64
core9.x86
YOU Patch Nr: 10850
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • apache >= 1.3.26-171
  • apache-devel >= 1.3.26-171
  • mod_ssl >= 2.8.10-171
ul1.s390
slrs8.x86
core9.s390
sles9-nlpos.x86
YOU Patch Nr: 11489
Open Enterprise Server
  • apache >= 1.3.29-71.24
  • apache-devel >= 1.3.29-71.24
  • mod_ssl >= 2.8.16-71.24
ul1.s390
slrs8.x86
core9.s390
sles9-nlpos.x86
YOU Patch Nr: 11489
Open Enterprise Server
  • apache2 >= 2.0.49-27.51
  • apache2-prefork >= 2.0.49-27.51
  • apache2-worker >= 2.0.49-27.51
core9.ppc
sles10.x86
core9.x86-64
sles10.s390x
core9.x86
core9.s390
core9.ia64
ZYPP Patch Nr: 1906
SUSE LINUX 10.0
  • apache2 >= 2.0.54-10.3
  • apache2-prefork >= 2.0.54-10.3
  • apache2-worker >= 2.0.54-10.3