4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.016 Low
EPSS
Percentile
87.2%
CentOS Errata and Security Advisory CESA-2006:0158-01
The Apache HTTP Server is a popular and freely-available Web server.
A flaw in mod_imap when using the Referer directive with image maps was
discovered. With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3352 to this issue.
Users of apache should upgrade to these updated packages, which contain
a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-January/074765.html
Affected packages:
apache
apache-devel
apache-manual
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | apache | < 1.3.27-10.ent.c2.1 | apache-1.3.27-10.ent.c2.1.i386.rpm |
CentOS | 2 | i386 | apache-devel | < 1.3.27-10.ent.c2.1 | apache-devel-1.3.27-10.ent.c2.1.i386.rpm |
CentOS | 2 | i386 | apache-manual | < 1.3.27-10.ent.c2.1 | apache-manual-1.3.27-10.ent.c2.1.i386.rpm |