You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2007/12/11 20:47:52 UTC
svn commit: r603343 -
/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Author: jorton
Date: Tue Dec 11 11:47:40 2007
New Revision: 603343
URL: http://svn.apache.org/viewvc?rev=603343&view=rev
Log:
Add CVE-2007-5000.
Modified:
httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=603343&r1=603342&r2=603343&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue Dec 11 11:47:40 2007
@@ -1,4 +1,20 @@
-<security updated="20070907">
+<security updated="20071211">
+
+<issue fixed="2.2.7-dev" public="20071211" reported="20071023">
+<cve name="CVE-2007-5000"/>
+<severity level="3">moderate</severity>
+<title>mod_imagemap XSS</title>
+<description><p>
+A flaw was found in the mod_imagemap module. On sites where
+mod_imagemap is enabled and an imagemap file is publicly available, a
+cross-site scripting attack is possible.</p></description>
+<affects prod="httpd" version="2.2.6"/>
+<affects prod="httpd" version="2.2.5"/>
+<affects prod="httpd" version="2.2.4"/>
+<affects prod="httpd" version="2.2.3"/>
+<affects prod="httpd" version="2.2.2"/>
+<affects prod="httpd" version="2.2.0"/>
+</issue>
<issue fixed="2.2.6" public="20061210" reported="20061210" released="20070907">
<cve name="CVE-2007-3847"/>