Cross-Site Scripting Vulnerability in Apache mod_imap Module

Cross-Site Scripting Vulnerability in Apache mod_imap Module

Web Services News

Open Source Software News

Web Services News

Open Source Software News

RELATED NEWS

Twitter hack traces back to Japanese user trying to expose flaw

Ebaums Responsible for Bieber Attacks YouTube Hack

Top 10 Precautions to Protect Windows Computer Against Virus, Spyware and Malware

Mitsubishi to start construction in fall for $100M wind turbine plant in Arkansas

Techie volunteers develop new social Web tools in Haiti relief marathon

Techie volunteers take advantage of social Web tools in Haiti relief marathon

More than 100 hours after quake, rescuers pull another survivor from wreckage of hotel

Amid heaps of rubble, Haitians mount desperate search for missing loved ones

Best Practices for SaaS Software Testing & Quality Assurance

Google Friends & Updates to take on Facebook

By Angsuman Chakraborty, Gaea News Network
Friday, December 16, 2005

A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server’s mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Input passed to the image map “Referer” directive in “mod_imap” isn’t properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerability has been reported in versions 1.3.0 through 1.3.34, and versions 2.0.35 through 2.0.55.

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.

Link

It affects pretty much all platforms as far as I could check.

Filed under: Headline News, Open Source Software, Web, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News