First published: Thu Dec 13 2007
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP Server | >=1.3.0 <=1.3.39 | |
Apache HTTP Server | >=2.0.35 <=2.0.61 | |
Apache HTTP Server | >=2.2.0 <=2.2.6 | |
Red Hat Fedora | =7 | |
Red Hat Fedora | =8 | |
Ubuntu | =6.06 | |
Ubuntu | =6.10 | |
Ubuntu | =7.04 | |
Ubuntu | =7.10 | |
openSUSE | =10.2 | |
openSUSE | =10.3 | |
SUSE Linux Enterprise Desktop | =9 | |
SUSE Linux Enterprise Server | =9 | |
SUSE Linux Enterprise Server | =10-sp1 | |
Oracle HTTP Server | =10.1.3.5.0 | |
CVE-2007-5000 has a medium severity rating due to its potential for exploitation through cross-site scripting.
To fix CVE-2007-5000, update your Apache HTTP Server to a version that is not vulnerable, specifically above 2.2.6.
CVE-2007-5000 affects Apache HTTP Server versions 1.3.0 to 1.3.39, 2.0.35 to 2.0.61, and 2.2.0 to 2.2.6.
Yes, CVE-2007-5000 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.
The implications of CVE-2007-5000 include the risk of unauthorized actions being performed on behalf of users and potential theft of sensitive information.