CVE-2007-5000

httpd: mod_imagemap XSS

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en los módulos (1) mod_imap en Apache HTTP Server 1.3.0 hasta 1.3.39 y 2.0.35 hasta 2.0.61, y (2) mod_imagemap en Apache HTTP Server 2.2.0 hasta 2.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-20 CVE Reserved
2007-12-13 CVE Published
2024-08-07 CVE Updated
2024-10-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (86)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=307562	Broken Link
http://lists.vmware.com/pipermail/security-announce/2009/000062.html	Mailing List
http://secunia.com/advisories/28081	Broken Link
http://secunia.com/advisories/28196	Broken Link
http://secunia.com/advisories/28375	Broken Link
http://secunia.com/advisories/28467	Broken Link
http://secunia.com/advisories/28471	Broken Link
http://secunia.com/advisories/28525	Broken Link
http://secunia.com/advisories/28526	Broken Link
http://secunia.com/advisories/28607	Broken Link
http://secunia.com/advisories/28749	Broken Link
http://secunia.com/advisories/28750	Broken Link
http://secunia.com/advisories/28922	Broken Link
http://secunia.com/advisories/28977	Broken Link
http://secunia.com/advisories/29420	Broken Link
http://secunia.com/advisories/29640	Broken Link
http://secunia.com/advisories/29806	Broken Link
http://secunia.com/advisories/29988	Broken Link
http://secunia.com/advisories/30356	Broken Link
http://secunia.com/advisories/30430	Broken Link
http://secunia.com/advisories/30732	Broken Link
http://secunia.com/advisories/31142	Broken Link
http://secunia.com/advisories/32800	Broken Link
http://securitytracker.com/id?1019093	Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm	Third Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	Third Party Advisory
http://www.osvdb.org/39134	Broken Link
http://www.securityfocus.com/archive/1/494428/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/505990/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26838	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002	Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501	2023-11-07
http://httpd.apache.org/security/vulnerabilities_13.html	2023-11-07
http://httpd.apache.org/security/vulnerabilities_20.html	2023-11-07
http://httpd.apache.org/security/vulnerabilities_22.html	2023-11-07
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	2023-11-07
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	2023-11-07
http://marc.info/?l=bugtraq&m=130497311408250&w=2	2023-11-07
http://secunia.com/advisories/28046	2023-11-07
http://secunia.com/advisories/28073	2023-11-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1	2023-11-07
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024	2023-11-07
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074	2023-11-07
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273	2023-11-07
http://www-1.ibm.com/support/docview.wss?uid=swg24019245	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0004.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0005.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0006.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0007.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0008.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0009.html	2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0261.html	2023-11-07
http://www.securityfocus.com/archive/1/498523/100/0/threaded	2023-11-07
http://www.ubuntu.com/usn/usn-575-1	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2007-5000	2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=419931	2010-08-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 1.3.0 <= 1.3.39 Search vendor "Apache" for product "Http Server" and version " >= 1.3.0 <= 1.3.39"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.0.35 <= 2.0.61 Search vendor "Apache" for product "Http Server" and version " >= 2.0.35 <= 2.0.61"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 <= 2.2.6 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 <= 2.2.6"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				7 Search vendor "Fedoraproject" for product "Fedora" and version "7"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				8 Search vendor "Fedoraproject" for product "Fedora" and version "8"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				10.2 Search vendor "Opensuse" for product "Opensuse" and version "10.2"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				10.3 Search vendor "Opensuse" for product "Opensuse" and version "10.3"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				9 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "9"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10"		sp1		Affected
Oracle Search vendor "Oracle"		Http Server Search vendor "Oracle" for product "Http Server"				10.1.3.5.0 Search vendor "Oracle" for product "Http Server" and version "10.1.3.5.0"		-		Affected