Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2007-5000First vendor Publication2007-12-13
VendorCveLast vendor Modification2013-08-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

CWE : Common Weakness Enumeration

idName
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9539
 
Oval ID: oval:org.mitre.oval:def:9539
Title: Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Description: Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5000
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application57

OpenVAS Exploits

DateDescription
2010-05-12Name : Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003
File : nvt/macosx_upd_10_5_3_secupd_2008-003.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13Name : Solaris Update for Apache 1.3 122911-17
File : nvt/gb_solaris_122911_17.nasl
2009-10-13Name : Solaris Update for Apache 1.3 122912-17
File : nvt/gb_solaris_122912_17.nasl
2009-10-10Name : SLES9: Security update for Apache 2
File : nvt/sles9p5023052.nasl
2009-10-10Name : SLES9: Security update for Apache
File : nvt/sles9p5023075.nasl
2009-09-23Name : Solaris Update for Apache 1.3 122911-16
File : nvt/gb_solaris_122911_16.nasl
2009-09-23Name : Solaris Update for Apache 1.3 122912-16
File : nvt/gb_solaris_122912_16.nasl
2009-06-03Name : Solaris Update for Apache 116973-07
File : nvt/gb_solaris_116973_07.nasl
2009-06-03Name : Solaris Update for Apache 116974-07
File : nvt/gb_solaris_116974_07.nasl
2009-06-03Name : Solaris Update for Apache Security 113146-12
File : nvt/gb_solaris_113146_12.nasl
2009-06-03Name : Solaris Update for Apache Security 114145-11
File : nvt/gb_solaris_114145_11.nasl
2009-06-03Name : Solaris Update for Apache 2 120543-14
File : nvt/gb_solaris_120543_14.nasl
2009-06-03Name : Solaris Update for Apache 2 120544-14
File : nvt/gb_solaris_120544_14.nasl
2009-06-03Name : Solaris Update for Apache 1.3 122911-15
File : nvt/gb_solaris_122911_15.nasl
2009-06-03Name : Solaris Update for Apache 1.3 122912-15
File : nvt/gb_solaris_122912_15.nasl
2009-05-05Name : HP-UX Update for Apache HPSBUX02308
File : nvt/gb_hp_ux_HPSBUX02308.nasl
2009-04-09Name : Mandriva Update for apache MDVSA-2008:016 (apache)
File : nvt/gb_mandriva_MDVSA_2008_016.nasl
2009-03-23Name : Ubuntu Update for apache2 vulnerabilities USN-575-1
File : nvt/gb_ubuntu_USN_575_1.nasl
2009-03-06Name : RedHat Update for apache RHSA-2008:0004-01
File : nvt/gb_RHSA-2008_0004-01_apache.nasl
2009-03-06Name : RedHat Update for httpd RHSA-2008:0005-01
File : nvt/gb_RHSA-2008_0005-01_httpd.nasl
2009-03-06Name : RedHat Update for httpd RHSA-2008:0006-01
File : nvt/gb_RHSA-2008_0006-01_httpd.nasl
2009-03-06Name : RedHat Update for httpd RHSA-2008:0008-01
File : nvt/gb_RHSA-2008_0008-01_httpd.nasl
2009-02-27Name : CentOS Update for apache CESA-2008:0004-01 centos2 i386
File : nvt/gb_CESA-2008_0004-01_apache_centos2_i386.nasl
2009-02-27Name : CentOS Update for httpd CESA-2008:0005 centos3 i386
File : nvt/gb_CESA-2008_0005_httpd_centos3_i386.nasl
2009-02-27Name : CentOS Update for httpd CESA-2008:0005 centos3 x86_64
File : nvt/gb_CESA-2008_0005_httpd_centos3_x86_64.nasl
2009-02-27Name : CentOS Update for httpd CESA-2008:0006 centos4 i386
File : nvt/gb_CESA-2008_0006_httpd_centos4_i386.nasl
2009-02-27Name : CentOS Update for httpd CESA-2008:0006 centos4 x86_64
File : nvt/gb_CESA-2008_0006_httpd_centos4_x86_64.nasl
2009-02-16Name : Fedora Update for httpd FEDORA-2008-1695
File : nvt/gb_fedora_2008_1695_httpd_fc8.nasl
2009-02-16Name : Fedora Update for httpd FEDORA-2008-1711
File : nvt/gb_fedora_2008_1711_httpd_fc7.nasl
2009-01-23Name : SuSE Update for apache2,apache SUSE-SA:2008:021
File : nvt/gb_suse_2008_021.nasl
2008-12-02Name : HP OpenView Network Node Manager XSS Vulnerability
File : nvt/secpod_hp_openview_nnm_xss_vuln_900403.nasl
0000-00-00Name : Slackware Advisory SSA:2008-045-01 httpd
File : nvt/esoft_slk_ssa_2008_045_01.nasl
0000-00-00Name : Slackware Advisory SSA:2008-045-02 apache
File : nvt/esoft_slk_ssa_2008_045_02.nasl
0000-00-00Name : Slackware Advisory SSA:2008-210-02 httpd
File : nvt/esoft_slk_ssa_2008_210_02.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
39134Apache mod_imagemap Module Imagemap Unspecified XSS
39133Apache mod_imap Module Imagemap File Unspecified XSS

Snort® IPS/IDS

DateDescription
2014-01-10Apache mod_imagemap cross site scripting attempt
RuleID : 13302 - Revision : 7 - Type : SERVER-APACHE

Nessus® Vulnerability Scanner

DateDescription
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2009-0010.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL8186.nasl - Type : ACT_GATHER_INFO
2013-08-11Name : The remote web server may be affected by multiple vulnerabilities.
File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0006.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080115_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2010-01-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12124.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12125.nasl - Type : ACT_GATHER_INFO
2009-06-15Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38147.nasl - Type : ACT_GATHER_INFO
2009-06-15Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38148.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-016.nasl - Type : ACT_GATHER_INFO
2008-11-25Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38761.nasl - Type : ACT_GATHER_INFO
2008-07-29Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-210-02.nasl - Type : ACT_GATHER_INFO
2008-05-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_3.nasl - Type : ACT_GATHER_INFO
2008-05-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-003.nasl - Type : ACT_GATHER_INFO
2008-04-04Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5125.nasl - Type : ACT_GATHER_INFO
2008-04-04Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5126.nasl - Type : ACT_GATHER_INFO
2008-04-04Name : The remote openSUSE host is missing a security update.
File : suse_apache2-5127.nasl - Type : ACT_GATHER_INFO
2008-04-04Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_apache2-5128.nasl - Type : ACT_GATHER_INFO
2008-03-19Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-002.nasl - Type : ACT_GATHER_INFO
2008-03-07Name : The remote web server may be affected by several issues.
File : apache_1_3_41.nasl - Type : ACT_GATHER_INFO
2008-03-07Name : The remote web server may be affected by several issues.
File : apache_2_0_63.nasl - Type : ACT_GATHER_INFO
2008-02-20Name : The remote web server may be affected by several issues.
File : apache_2_2_8.nasl - Type : ACT_GATHER_INFO
2008-02-18Name : The remote Fedora host is missing a security update.
File : fedora_2008-1695.nasl - Type : ACT_GATHER_INFO
2008-02-18Name : The remote Fedora host is missing a security update.
File : fedora_2008-1711.nasl - Type : ACT_GATHER_INFO
2008-02-18Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-01.nasl - Type : ACT_GATHER_INFO
2008-02-18Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-045-02.nasl - Type : ACT_GATHER_INFO
2008-02-05Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-575-1.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0004.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0008.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0005.nasl - Type : ACT_GATHER_INFO
2008-01-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0006.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
AIXAPARhttp://www-1.ibm.com/support/docview.wss?uid=swg1PK58024
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
APPLEhttp://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
BIDhttp://www.securityfocus.com/bid/26838
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/494428/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
CERThttp://www.us-cert.gov/cas/techalerts/TA08-150A.html
CONFIRMhttp://docs.info.apple.com/article.html?artnum=307562
http://httpd.apache.org/security/vulnerabilities_13.html
http://httpd.apache.org/security/vulnerabilities_20.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
http://www.fujitsu.com/global/support/software/security/products-f/interstage...
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg0054...
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0056...
HPhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://www.securityfocus.com/archive/1/archive/1/498523/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/498523/100/0/threaded
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:014
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
MLISThttp://lists.vmware.com/pipermail/security-announce/2009/000062.html
OSVDBhttp://www.osvdb.org/39134
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
SECTRACKhttp://securitytracker.com/id?1019093
SECUNIAhttp://secunia.com/advisories/28046
http://secunia.com/advisories/28073
http://secunia.com/advisories/28081
http://secunia.com/advisories/28196
http://secunia.com/advisories/28375
http://secunia.com/advisories/28467
http://secunia.com/advisories/28471
http://secunia.com/advisories/28525
http://secunia.com/advisories/28526
http://secunia.com/advisories/28607
http://secunia.com/advisories/28749
http://secunia.com/advisories/28750
http://secunia.com/advisories/28922
http://secunia.com/advisories/28977
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://secunia.com/advisories/29806
http://secunia.com/advisories/29988
http://secunia.com/advisories/30356
http://secunia.com/advisories/30430
http://secunia.com/advisories/30732
http://secunia.com/advisories/31142
http://secunia.com/advisories/32800
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&...
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
UBUNTUhttp://www.ubuntu.com/usn/usn-575-1
VUPENhttp://www.vupen.com/english/advisories/2007/4201
http://www.vupen.com/english/advisories/2007/4202
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/0084
http://www.vupen.com/english/advisories/2008/0178
http://www.vupen.com/english/advisories/2008/0398
http://www.vupen.com/english/advisories/2008/0809/references
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1224/references
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1697
http://www.vupen.com/english/advisories/2008/1875/references

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
DateInformations
2014-10-11 13:26:00
  • Multiple Updates
2014-02-17 10:41:50
  • Multiple Updates
2014-01-19 21:24:27
  • Multiple Updates
2013-08-29 13:19:40
  • Multiple Updates
2013-07-17 21:18:40
  • Multiple Updates
2013-05-11 10:36:56
  • Multiple Updates
2012-11-07 00:16:06
  • Multiple Updates