CVE-2007-5000

Executive Summary

Informations
Name	CVE-2007-5000	First vendor Publication	2007-12-13
Vendor	Cve	Last vendor Modification	2012-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

CWE : Common Weakness Enumeration

id	Name
CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9539

Oval ID:	oval:org.mitre.oval:def:9539
Title:	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Description:	Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5000	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-70.ent AND mod_ssl is earlier than 0:2.0.46-70.ent AND httpd is earlier than 0:2.0.46-70.ent OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section httpd-suexec is earlier than 0:2.0.52-38.ent.2 AND httpd-manual is earlier than 0:2.0.52-38.ent.2 AND httpd-devel is earlier than 0:2.0.52-38.ent.2 AND mod_ssl is earlier than 0:2.0.52-38.ent.2 AND httpd is earlier than 0:2.0.52-38.ent.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section httpd-manual is earlier than 0:2.2.3-11.el5_1.3 AND httpd-devel is earlier than 0:2.2.3-11.el5_1.3 AND mod_ssl is earlier than 0:2.2.3-11.el5_1.3 AND httpd is earlier than 0:2.2.3-11.el5_1.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:/a:apache:http_server:2.2.6 cpe:/a:apache:http_server:2.2.5 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.0.61 cpe:/a:apache:http_server:2.0.60 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:1.3.9 cpe:/a:apache:http_server:1.3.8 cpe:/a:apache:http_server:1.3.7 cpe:/a:apache:http_server:1.3.6 cpe:/a:apache:http_server:1.3.5 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.37 cpe:/a:apache:http_server:1.3.33 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.24 cpe:/a:apache:http_server:1.3.23 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:1.3.1 cpe:/a:apache:http_server:1.3.0	57

Open Source Vulnerability Database (OSVDB)

id	Description
39134	Apache mod_imagemap Module Imagemap Unspecified XSS
39133	Apache mod_imap Module Imagemap File Unspecified XSS

Internal Sources (Detail)

Source	Url
AIXAPAR	http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024 http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 http://www-1.ibm.com/support/docview.wss?uid=swg24019245
APPLE	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BID	http://www.securityfocus.com/bid/26838
BUGTRAQ	http://www.securityfocus.com/archive/1/archive/1/494428/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
CERT	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
CONFIRM	http://docs.info.apple.com/article.html?artnum=307562 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm http://www.fujitsu.com/global/support/software/security/products-f/interstage...
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0054... https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0056...
HP	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://www.securityfocus.com/archive/1/archive/1/498523/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/498523/100/0/threaded
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
MLIST	http://lists.vmware.com/pipermail/security-announce/2009/000062.html
OSVDB	http://www.osvdb.org/39134
REDHAT	http://www.redhat.com/support/errata/RHSA-2008-0004.html http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2008-0006.html http://www.redhat.com/support/errata/RHSA-2008-0007.html http://www.redhat.com/support/errata/RHSA-2008-0008.html http://www.redhat.com/support/errata/RHSA-2008-0009.html http://www.redhat.com/support/errata/RHSA-2008-0261.html
SECTRACK	http://securitytracker.com/id?1019093
SECUNIA	http://secunia.com/advisories/28046 http://secunia.com/advisories/28073 http://secunia.com/advisories/28081 http://secunia.com/advisories/28196 http://secunia.com/advisories/28375 http://secunia.com/advisories/28467 http://secunia.com/advisories/28471 http://secunia.com/advisories/28525 http://secunia.com/advisories/28526 http://secunia.com/advisories/28607 http://secunia.com/advisories/28749 http://secunia.com/advisories/28750 http://secunia.com/advisories/28922 http://secunia.com/advisories/28977 http://secunia.com/advisories/29420 http://secunia.com/advisories/29640 http://secunia.com/advisories/29806 http://secunia.com/advisories/29988 http://secunia.com/advisories/30356 http://secunia.com/advisories/30430 http://secunia.com/advisories/30732 http://secunia.com/advisories/31142 http://secunia.com/advisories/32800
SLACKWARE	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&...
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
UBUNTU	http://www.ubuntu.com/usn/usn-575-1
VUPEN	http://www.vupen.com/english/advisories/2007/4201 http://www.vupen.com/english/advisories/2007/4202 http://www.vupen.com/english/advisories/2007/4301 http://www.vupen.com/english/advisories/2008/0084 http://www.vupen.com/english/advisories/2008/0178 http://www.vupen.com/english/advisories/2008/0398 http://www.vupen.com/english/advisories/2008/0809/references http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/1224/references http://www.vupen.com/english/advisories/2008/1623/references http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/1875/references

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 10:36:56	Multiple Updates
2012-11-07 00:16:06	Multiple Updates

Type	Count
Oval ID(s)	1
CPE ID(s)	57
osvdb(s)	2

Related	Severity
TA08-150A	(Critical)
HPSBOV02683 SSR...	(Critical)
VMSA-2009-0010	(Medium)
HPSBUX02308 SSR...	(Medium)
USN-575-1	(Medium)
RHSA-2008:0005	(Medium)
HPSBMA02442 SSR...	(Medium)
SUN-233623	(Medium)
RHSA-2008:0009	(Medium)
RHSA-2008:0008	(Medium)
RHSA-2008:0007	(Medium)
RHSA-2008:0006	(Medium)
RHSA-2008:0004	(Medium)
MDVSA-2008:016	(Medium)
MDVSA-2008:015	(Medium)
MDVSA-2008:014	(Medium)
HPSBMA02388 SSR...	(Medium)