Lucene search

K
centosCentOS ProjectCESA-2006:0158-01
HistoryJan 30, 2006 - 12:50 a.m.

apache security update

2006-01-3000:50:54
CentOS Project
lists.centos.org
35

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.016 Low

EPSS

Percentile

87.2%

CentOS Errata and Security Advisory CESA-2006:0158-01

The Apache HTTP Server is a popular and freely-available Web server.

A flaw in mod_imap when using the Referer directive with image maps was
discovered. With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3352 to this issue.

Users of apache should upgrade to these updated packages, which contain
a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-January/074765.html

Affected packages:
apache
apache-devel
apache-manual

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.016 Low

EPSS

Percentile

87.2%

Related for CESA-2006:0158-01