From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Jan 1 09:50:04 2006
Message-Id: <20060101094657.3F865114AF@koma2-45.wins.timedia.co.jp>
Date: Sun, 1 Jan 2006 18:46:57 +0900 (JST)
From: KOMATSU Shinichiro
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/91157: security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
Reply-To: KOMATSU Shinichiro
List-Id: Ports bug reports

>Number: 91157
>Category: ports
>Synopsis: security/vuxml: Add the entry of apache mod_imap cross-site scripting vulnerability (CVE-2005-3352)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 01 09:50:02 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment: FreeBSD 5.4-RELEASE-p8 i386
>Description:
"Apache mod_imap cross-site scripting vulnerability" (CVE-2005-3352) has already been fixed in ports tree, but not documented in VuXML.
>How-To-Repeat:
>Fix:
Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.918 diff -u -r1.918 vuln.xml --- vuln.xml 25 Dec 2005 22:23:51 -0000 1.918 +++ vuln.xml 1 Jan 2006 09:30:40 -0000 @@ -34,6 +34,35 @@ --> + + apache --- mod_imap cross-site scripting flaw + + + apache + 1.3.01.3.34_3 + 2.0.352.0.55_2 + + + + +

A flaw in mod_imap when using the Referer directive with image maps. + In certain site configurations a remote attacker could perform + a cross-site scripting attack if a victim can be forced to + visit a malicious URL using certain web browsers.

+ +
+ + CVE-2005-3352 + 15834 + http://www.apacheweek.com/features/security-13 + http://www.apacheweek.com/features/security-20 + + + 2005-11-01 + 2006-01-01 + +
+ nbd-server -- buffer overflow vulnerability
>Release-Note:
>Audit-Trail:
>Unformatted:
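
Review bot: the affected-package block in the added entry names only `apache`, with what read as the bounds 1.3.0 to 1.3.34_3 and 2.0.35 to 2.0.55_2, and the report gives no pointer to the port commits that justify those upper bounds. Please cite the revisions in which the mod_imap fix landed so the _3 and _2 cut-offs can be checked, and confirm whether any other port that ships the same Apache source under a different package name needs its own name and range in this entry. The description also opens with a sentence fragment ("A flaw in mod_imap when using the Referer directive with image maps."); if it is quoted from one of the two Apache Week pages listed under the references, mark it as a quotation in the entry, otherwise reword it as a full sentence.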