ports/91157: security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
KOMATSU Shinichiro
koma2 at lovepeers.org
Sun Jan 1 09:50:04 UTC 2006
>Number: 91157
>Category: ports
>Synopsis: security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 01 09:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment:
FreeBSD 5.4-RELEASE-p8 i386
>Description:
"Apache mod_imap cross-site scripting vulnerability" (CVE-2005-3352)
has already been fixed in the ports tree, but is not documented in VuXML.
>How-To-Repeat:
>Fix:
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.918
diff -u -r1.918 vuln.xml
--- vuln.xml 25 Dec 2005 22:23:51 -0000 1.918
+++ vuln.xml 1 Jan 2006 09:30:40 -0000
@@ -34,6 +34,35 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9fff8dc8-7aa7-11da-bf72-00123f589060">
+ <topic>apache --- mod_imap cross-site scripting flaw</topic>
+ <affects>
+ <package>
+ <name>apache</name>
+ <range><ge>1.3.0</ge><lt>1.3.34_3</lt></range>
+ <range><ge>2.0.35</ge><lt>2.0.55_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A flaw in mod_imap when using the Referer directive with image maps.
+ In certain site configurations a remote attacker could perform
+ a cross-site scripting attack if a victim can be forced to
+ visit a malicious URL using certain web browsers.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2005-3352</cvename>
+ <bid>15834</bid>
+ <url>http://www.apacheweek.com/features/security-13</url>
+ <url>http://www.apacheweek.com/features/security-20</url>
+ </references>
+ <dates>
+ <discovery>2005-11-01</discovery>
+ <entry>2006-01-01</entry>
+ </dates>
+ </vuln>
+
<vuln vid="43770b1c-72f6-11da-8c1d-000e0c2e438a">
<topic>nbd-server -- buffer overflow vulnerability</topic>
<affects>
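Review bot: The new <topic> separates the package name from the summary with three hyphens ("apache --- mod_imap cross-site scripting flaw"), while the neighbouring entry in the trailing context uses two ("nbd-server -- buffer overflow vulnerability"); change it to "apache -- mod_imap cross-site scripting flaw" so the entries stay consistent. Two further points on the same entry: the <affects> block lists only the package name "apache", so it is worth confirming before commit whether the fixed revisions 1.3.34_3 and 2.0.55_2 also apply to packages installed under other names, each of which would need its own <name> and <range> lines. The description <body> is a bare <p>; if that wording is taken from one of the two apacheweek.com URLs under <references>, mark it as a quotation with its source rather than leaving it unattributed.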
>Release-Note:
>Audit-Trail:
>Unformatted: