CVE-2005-3352

Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Category

CVSS 2.0: 4.3 (Severity: Medium)
EPSS: 37.14% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://secunia.com/advisories/17319 url repurposed not applicable third party advisory
http://www.vupen.com/english/advisories/2006/3995 vdb entry third party advisory
http://secunia.com/advisories/18526 third party advisory not applicable
http://secunia.com/advisories/20046 third party advisory not applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1 third party advisory vendor advisory
http://securitytracker.com/id?1015344 vdb entry third party advisory patch
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 vendor advisory broken link
http://www.debian.org/security/2006/dsa-1167 third party advisory vendor advisory
http://secunia.com/advisories/18339 third party advisory not applicable
http://www.securityfocus.com/archive/1/450321/100/0/threaded vdb entry third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/4300 vdb entry third party advisory
http://secunia.com/advisories/21744 third party advisory not applicable
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html vendor advisory broken link
http://secunia.com/advisories/18340 third party advisory not applicable
http://www.vupen.com/english/advisories/2008/1246/references vdb entry third party advisory
http://www.securityfocus.com/archive/1/450315/100/0/threaded vdb entry third party advisory vendor advisory
http://secunia.com/advisories/20670 third party advisory not applicable
http://marc.info/?l=bugtraq&m=130497311408250&w=2 mailing list third party advisory vendor advisory
http://secunia.com/advisories/23260 third party advisory
http://rhn.redhat.com/errata/RHSA-2006-0159.html third party advisory vendor advisory
http://secunia.com/advisories/18008 third party advisory not applicable
http://www.novell.com/linux/security/advisories/2006_43_apache.html third party advisory vendor advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html third party advisory
http://www.vupen.com/english/advisories/2006/2423 vdb entry third party advisory
http://www.vupen.com/english/advisories/2008/0924/references vdb entry third party advisory
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007 third party advisory vendor advisory
http://secunia.com/advisories/29849 third party advisory
http://secunia.com/advisories/18333 third party advisory not applicable
http://www.vupen.com/english/advisories/2006/4015 vdb entry third party advisory
http://www.ubuntulinux.org/usn/usn-241-1 third party advisory vendor advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html third party advisory us government resource
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U vendor advisory broken link
http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt third party advisory vendor advisory
http://secunia.com/advisories/22368 third party advisory
http://www.securityfocus.com/archive/1/445206/100/0/threaded vdb entry third party advisory vendor advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2006-0158.html third party advisory vendor advisory
http://secunia.com/advisories/29420 third party advisory
http://www.securityfocus.com/archive/1/425399/100/0/threaded vdb entry third party advisory vendor advisory
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html third party advisory vendor advisory
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html vendor advisory broken link
http://www.vupen.com/english/advisories/2006/4868 vdb entry third party advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html mailing list vendor advisory
http://secunia.com/advisories/30430 third party advisory
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html mailing list vendor advisory
http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 issue tracking
http://secunia.com/advisories/18517 third party advisory not applicable
http://secunia.com/advisories/22669 third party advisory
http://www.trustix.org/errata/2005/0074/ third party advisory vendor advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483 third party advisory vendor advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480 vdb entry signature broken link
http://rhn.redhat.com/errata/RHSA-2006-0692.html vendor advisory broken link
http://secunia.com/advisories/18585 third party advisory not applicable
http://docs.info.apple.com/article.html?artnum=307562 broken link
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only third party advisory vendor advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml third party advisory vendor advisory
http://www.vupen.com/english/advisories/2008/1697 vdb entry third party advisory
http://secunia.com/advisories/19012 third party advisory not applicable
http://secunia.com/advisories/18429 third party advisory not applicable
http://www.securityfocus.com/bid/15834 vdb entry third party advisory
http://www.vupen.com/english/advisories/2005/2870 vdb entry third party advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158 third party advisory vendor advisory
http://secunia.com/advisories/18743 third party advisory not applicable
http://secunia.com/advisories/25239 third party advisory
http://secunia.com/advisories/22140 third party advisory
http://secunia.com/advisories/22388 third party advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E third party advisory mailing list

Frequently Asked Questions

What is the severity of CVE-2005-3352?
CVE-2005-3352 has been scored as a medium severity vulnerability.

How to fix CVE-2005-3352?
To fix CVE-2005-3352, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.

Is CVE-2005-3352 being actively exploited in the wild?
Based on public information, it is possible that CVE-2005-3352 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~37% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.