Package: apache Version: 1.3.34-2 Severity: normal
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. See http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (300, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12.dsdt1000.060522 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages apache depends on: ii apache-common 1.3.34-2 support files for all Apache webse ii debconf [debconf-2.0] 1.5.1 Debian configuration management sy ii libc6 2.3.6-13 GNU C Library: Shared libraries ii libdb4.3 4.3.29-4.1 Berkeley v4.3 Database Libraries [ ii libexpat1 1.95.8-3.2 XML parsing C library - runtime li ii libmagic1 4.17-1 File type determination library us ii logrotate 3.7.1-3 Log rotation utility ii lsb-base 3.1-10 Linux Standard Base 3.1 init scrip ii mime-support 3.36-1 MIME files 'mime.types' & 'mailcap ii perl 5.8.8-4 Larry Wall's Practical Extraction apache recommends no packages. -- debconf information: * apache/enable-suexec: false apache/server-name: localhost apache/document-root: /var/www apache/server-port: 80 apache/init: true apache/server-admin: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]