CVE-2007-5000
Published Dec 13, 2007
Last updated a year ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Vendor comments
- ApacheFixed in Apache HTTP Server 2.2.8, 2.0.63, and 1.3.41: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9C9D1A2-9CC9-49D8-9A3F-BD05596A5A4D",
"versionEndIncluding": "1.3.39",
"versionStartIncluding": "1.3.0"
},
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "04EDED7F-C19B-4F21-8921-0F7E28898030",
"versionEndIncluding": "2.0.61",
"versionStartIncluding": "2.0.35"
},
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99C31669-9295-4771-BE93-EA7B832213D6",
"versionEndIncluding": "2.2.6",
"versionStartIncluding": "2.2.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68B14008-5E0A-4187-AF93-DE2FF5BA5921"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29184B59-5756-48DB-930C-69D5CD628548"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:http_server:10.1.3.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2E69311-C5B8-45FA-809F-ADAE4E35559D"
}
],
"operator": "OR"
}
]
}
]