NVD

CVE-2005-3352 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 4.3 MEDIUM

Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 2.2.2, 2.0.58, and 1.3.35: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	CVE, Inc., Red Hat	Broken Link
http://docs.info.apple.com/article.html?artnum=307562	CVE, Inc., Red Hat	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449	CVE, Inc., Red Hat	Broken Link
http://issues.apache.org/bugzilla/show_bug.cgi?id=37874	CVE, Inc., Red Hat	Issue Tracking
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	CVE, Inc., Red Hat	Mailing List
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	CVE, Inc., Red Hat	Mailing List
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html	CVE, Inc., Red Hat	Broken Link
http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html	CVE, Inc., Red Hat	Broken Link
http://marc.info/?l=bugtraq&m=130497311408250&w=2	CVE, Inc., Red Hat	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0159.html	CVE, Inc., Red Hat	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0692.html	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/17319	CVE, Inc., Red Hat	Not Applicable URL Repurposed
http://secunia.com/advisories/18008	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18333	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18339	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18340	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18429	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18517	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18526	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18585	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/18743	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/19012	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/20046	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/20670	CVE, Inc., Red Hat	Not Applicable
http://secunia.com/advisories/21744	CVE, Inc., Red Hat	Not Applicable Third Party Advisory
http://secunia.com/advisories/22140	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/22368	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/22388	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/22669	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/23260	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/25239	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/29420	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/29849	CVE, Inc., Red Hat	Third Party Advisory
http://secunia.com/advisories/30430	CVE, Inc., Red Hat	Third Party Advisory
http://securitytracker.com/id?1015344	CVE, Inc., Red Hat	Patch Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158	CVE, Inc., Red Hat	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483	CVE, Inc., Red Hat	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1	CVE, Inc., Red Hat	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1	CVE, Inc., Red Hat	Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only	CVE, Inc., Red Hat	Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only	CVE, Inc., Red Hat	Third Party Advisory
http://www.debian.org/security/2006/dsa-1167	CVE, Inc., Red Hat	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml	CVE, Inc., Red Hat	Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_43_apache.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt	CVE, Inc., Red Hat	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0158.html	CVE, Inc., Red Hat	Third Party Advisory
http://www.securityfocus.com/archive/1/425399/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/445206/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/450315/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/450321/100/0/threaded	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/15834	CVE, Inc., Red Hat	Third Party Advisory VDB Entry
http://www.trustix.org/errata/2005/0074/	CVE, Inc., Red Hat	Third Party Advisory
http://www.ubuntulinux.org/usn/usn-241-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA08-150A.html	CVE, Inc., Red Hat	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2005/2870	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2006/2423	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2006/3995	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2006/4015	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2006/4300	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2006/4868	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2008/0924/references	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1246/references	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1697	CVE, Inc., Red Hat	Third Party Advisory
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	CVE, Inc., Red Hat	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480	CVE, Inc., Red Hat	Broken Link

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

12 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2005-3352
NVD Published Date:
12/13/2005
NVD Last Modified:
04/02/2025
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2005-3352 Detail

Description

Metrics

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 7:01:41 PM

CVE Modified by Red Hat, Inc. 5/13/2024 9:32:10 PM

Modified Analysis by NIST 1/19/2024 10:12:24 AM

CVE Modified by Red Hat, Inc. 11/06/2023 8:57:50 PM

CVE Modified by Red Hat, Inc. 6/06/2021 7:15:13 AM

CVE Modified by Red Hat, Inc. 3/30/2021 8:15:37 AM

CVE Modified by Red Hat, Inc. 4/01/2020 12:15:19 PM

CVE Modified by Red Hat, Inc. 4/01/2020 11:15:22 AM

CVE Modified by Red Hat, Inc. 8/15/2019 5:15:18 AM

CVE Modified by Red Hat, Inc. 10/19/2018 11:35:54 AM

CVE Modified by Red Hat, Inc. 10/10/2017 9:30:25 PM

Initial CVE Analysis 12/14/2005 10:33:00 AM

Quick Info