Date:      Sun,  1 Jan 2006 18:46:57 +0900 (JST)
From:      KOMATSU Shinichiro <koma2@lovepeers.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/91157: security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
Message-ID:  <20060101094657.3F865114AF@koma2-45.wins.timedia.co.jp>
Resent-Message-ID: <200601010950.k019o3sw053735@freefall.freebsd.org>


>Number:         91157
>Category:       ports
>Synopsis:       security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 01 09:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     KOMATSU Shinichiro
>Release:        FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment:
FreeBSD 5.4-RELEASE-p8 i386

>Description:

"Apache mod_imap cross-site scripting vulnerability" (CVE-2005-3352)
has already been fixed in the ports tree, but is not documented in VuXML.

>How-To-Repeat:
	
>Fix:

Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.918
diff -u -r1.918 vuln.xml
--- vuln.xml	25 Dec 2005 22:23:51 -0000	1.918
+++ vuln.xml	1 Jan 2006 09:30:40 -0000
@@ -34,6 +34,35 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="9fff8dc8-7aa7-11da-bf72-00123f589060">
+    <topic>apache --- mod_imap cross-site scripting flaw</topic>
+    <affects>
+      <package>
+	<name>apache</name>
+	<range><ge>1.3.0</ge><lt>1.3.34_3</lt></range>
+	<range><ge>2.0.35</ge><lt>2.0.55_2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>A flaw in mod_imap when using the Referer directive with image maps. 
+	   In certain site configurations a remote attacker could perform
+	   a cross-site scripting attack if a victim can be forced to 
+	   visit a malicious URL using certain web browsers.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2005-3352</cvename>
+      <bid>15834</bid>
+      <url>http://www.apacheweek.com/features/security-13</url>;
+      <url>http://www.apacheweek.com/features/security-20</url>;
+    </references>
+    <dates>
+      <discovery>2005-11-01</discovery>
+      <entry>2006-01-01</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="43770b1c-72f6-11da-8c1d-000e0c2e438a">
     <topic>nbd-server -- buffer overflow vulnerability</topic>
     <affects>
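Review bot: The added <topic> line uses a three-hyphen separator ("apache --- mod_imap cross-site scripting flaw"), while the neighbouring nbd-server entry in the trailing context uses two ("nbd-server -- buffer overflow vulnerability"); change it to "apache -- mod_imap cross-site scripting flaw" so the new entry matches the rest of the file. In the description, the lines ending "image maps." and "forced to" carry trailing whitespace that should be stripped. The opening sentence ("A flaw in mod_imap when using the Referer directive with image maps.") is a fragment with no verb; if it is quoted from one of the apacheweek URLs listed under <references>, attribute it in the body, otherwise reword it as a full sentence.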
>Release-Note:
>Audit-Trail:
>Unformatted:


