CVE-2007-5000

Description

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Category

CVSS 2.0: 4.3 (Severity: Medium)
EPSS: 88.67% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://www.redhat.com/support/errata/RHSA-2008-0005.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2008/0178 vdb entry permissions required
http://securitytracker.com/id?1019093 vdb entry third party advisory broken link
http://secunia.com/advisories/28922 third party advisory broken link
http://www.osvdb.org/39134 vdb entry broken link
http://secunia.com/advisories/28749 third party advisory broken link
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 third party advisory vendor advisory
http://secunia.com/advisories/29988 third party advisory broken link
https://exchange.xforce.ibmcloud.com/vulnerabilities/39001 vdb entry third party advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2 issue tracking third party advisory vendor advisory
http://secunia.com/advisories/28375 third party advisory broken link
http://secunia.com/advisories/28750 third party advisory broken link
http://www.vupen.com/english/advisories/2008/1623/references vdb entry permissions required
http://secunia.com/advisories/29806 third party advisory broken link
https://exchange.xforce.ibmcloud.com/vulnerabilities/39002 vdb entry third party advisory
http://www.securityfocus.com/archive/1/494428/100/0/threaded mailing list vdb entry third party advisory
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html third party advisory vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024 vendor advisory broken link
http://secunia.com/advisories/28046 broken link third party advisory vendor advisory
http://secunia.com/advisories/28526 third party advisory broken link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html third party advisory
http://www.redhat.com/support/errata/RHSA-2008-0006.html third party advisory vendor advisory
http://secunia.com/advisories/31142 third party advisory broken link
http://www.vupen.com/english/advisories/2008/0924/references vdb entry permissions required
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1 vendor advisory broken link
http://www.redhat.com/support/errata/RHSA-2008-0007.html third party advisory vendor advisory
http://httpd.apache.org/security/vulnerabilities_20.html vendor advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html third party advisory us government resource
http://www.redhat.com/support/errata/RHSA-2008-0008.html third party advisory vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2008/0084 vdb entry permissions required
http://www.vupen.com/english/advisories/2007/4301 vdb entry permissions required
http://www.vupen.com/english/advisories/2008/0398 vdb entry permissions required
http://www.redhat.com/support/errata/RHSA-2008-0009.html third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 vendor advisory broken link
http://www.securityfocus.com/bid/26838 vdb entry third party advisory
http://secunia.com/advisories/29420 third party advisory broken link
http://httpd.apache.org/security/vulnerabilities_22.html vendor advisory
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html mailing list broken link third party advisory vendor advisory
http://secunia.com/advisories/30430 third party advisory broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9539 vdb entry third party advisory signature
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html mailing list broken link third party advisory vendor advisory
http://secunia.com/advisories/28525 third party advisory broken link
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm third party advisory
http://www.vupen.com/english/advisories/2008/0809/references vdb entry permissions required
http://www.securityfocus.com/archive/1/505990/100/0/threaded mailing list vdb entry third party advisory
http://secunia.com/advisories/28081 third party advisory broken link
http://secunia.com/advisories/28467 third party advisory broken link
http://www.securityfocus.com/archive/1/498523/100/0/threaded vdb entry third party advisory vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24019245 third party advisory vendor advisory
http://secunia.com/advisories/28196 third party advisory broken link
http://www.redhat.com/support/errata/RHSA-2008-0004.html third party advisory vendor advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.html third party advisory mailing list
http://secunia.com/advisories/28607 third party advisory broken link
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html mailing list third party advisory vendor advisory
http://secunia.com/advisories/30356 third party advisory broken link
http://httpd.apache.org/security/vulnerabilities_13.html vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 vendor advisory broken link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 vendor advisory broken link
http://docs.info.apple.com/article.html?artnum=307562 broken link
http://secunia.com/advisories/28073 broken link third party advisory vendor advisory
http://secunia.com/advisories/28471 third party advisory broken link
http://www.vupen.com/english/advisories/2007/4202 vdb entry permissions required
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01345501 vendor advisory broken link
http://www.vupen.com/english/advisories/2008/1697 vdb entry permissions required
http://www.redhat.com/support/errata/RHSA-2008-0261.html third party advisory vendor advisory
http://www.ubuntu.com/usn/usn-575-1 third party advisory vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK58074 third party advisory vendor advisory
http://secunia.com/advisories/29640 third party advisory broken link
http://secunia.com/advisories/32800 third party advisory broken link
http://secunia.com/advisories/28977 third party advisory broken link
http://www.vupen.com/english/advisories/2007/4201 vdb entry permissions required
http://www.vupen.com/english/advisories/2008/1875/references vdb entry permissions required
http://secunia.com/advisories/30732 third party advisory broken link
http://www.vupen.com/english/advisories/2008/1224/references vdb entry permissions required
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 vendor advisory broken link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E mailing list

Frequently Asked Questions

What is the severity of CVE-2007-5000?
CVE-2007-5000 has been scored as a medium severity vulnerability.
How to fix CVE-2007-5000?
To fix CVE-2007-5000, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.
Is CVE-2007-5000 being actively exploited in the wild?
It is possible that CVE-2007-5000 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~89% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.