CVE-2005-3352
Description
Cross-site scripting in Apache mod_imap allows attackers to inject arbitrary script via the Referer header when using image maps.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the mod_imap module of Apache HTTP Server. The module fails to escape the Referer header when generating HTML for image maps, allowing injection of arbitrary HTML or script. Affected versions: Apache 1.3.x before 1.3.35-dev and Apache 2.0.x before 2.0.56-dev [1][3][4].
Exploitation
An attacker can craft a malicious Referer header containing JavaScript. When a victim visits a page on a vulnerable server that uses image maps, the server reflects the unescaped Referer in the response, causing the script to execute in the victim's browser. No authentication is required; the attacker only needs to lure the victim to a crafted link or page that sets the Referer header.
Impact
Successful exploitation allows arbitrary script execution in the context of the vulnerable site. This can lead to session hijacking, cookie theft, defacement, or redirection to malicious sites. The attack is constrained by the browser's same-origin policy, but it can compromise user data on the affected domain.
Mitigation
Upgrade to Apache HTTP Server 1.3.35 or 2.0.56, which properly escape the Referer header using ap_escape_html [3][4]. Red Hat released updated packages in RHSA-2006-0158 (for Apache 1.3) and RHSA-2006-0159 (for Apache 2.0) [1][4]. Slackware also provided updated packages for multiple versions [3]. No workaround is documented; applying the patch is recommended.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
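As an added illustration (not Apache's code and not part of this record), the C sketch below shows the escaping step the fix introduced: the Referer value is passed through an HTML-escaping routine before it is interpolated into the generated image-map menu page. The function names, the simplified menu markup and the sample Referer are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the characters that let attacker-controlled text break out of HTML text
 * or an attribute value. Modeled on the role ap_escape_html plays in the fix;
 * this is an added illustration, not Apache's implementation. */
char *html_escape(const char *in) {
    size_t cap = strlen(in) * 6 + 1;   /* worst case: every byte -> "&quot;" */
    char *out = malloc(cap);
    if (!out) return NULL;
    size_t n = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
            case '<': rep = "&lt;";   break;
            case '>': rep = "&gt;";   break;
            case '&': rep = "&amp;";  break;
            case '"': rep = "&quot;"; break;
        }
        if (rep) { size_t l = strlen(rep); memcpy(out + n, rep, l); n += l; }
        else out[n++] = *in;
    }
    out[n] = '\0';
    return out;
}

/* Build the "return to referring page" link of a generated image-map menu.
 * Hypothetical simplified markup; the caller owns the returned buffer. */
static char *format_menu_link(const char *text) {
    const char *fmt = "<a href=\"%s\">Return to %s</a>\n";
    size_t len = strlen(fmt) + 2 * strlen(text) + 1;
    char *html = malloc(len);
    if (html) snprintf(html, len, fmt, text, text);
    return html;
}

/* Pre-fix behaviour: the Referer header value is interpolated verbatim. */
char *menu_link_unescaped(const char *referer) {
    return format_menu_link(referer);
}

/* Post-fix behaviour: escape first, so a hostile Referer is rendered as inert
 * text instead of being parsed as markup by the victim's browser. */
char *menu_link_escaped(const char *referer) {
    char *safe = html_escape(referer);
    if (!safe) return NULL;
    char *html = format_menu_link(safe);
    free(safe);
    return html;
}
```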
Affected products
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* (range: <1.3.35)
- cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
Patches
- 90521799bdb9
References
- securitytracker.com/id (nvd: Patch, Third Party Advisory, VDB Entry)
- marc.info (nvd: Mailing List, Third Party Advisory)
- rhn.redhat.com/errata/RHSA-2006-0159.html (nvd: Third Party Advisory)
- secunia.com/advisories/21744 (nvd: Not Applicable, Third Party Advisory)
- secunia.com/advisories/22140 (nvd: Third Party Advisory)
- secunia.com/advisories/22368 (nvd: Third Party Advisory)
- secunia.com/advisories/22388 (nvd: Third Party Advisory)
- secunia.com/advisories/22669 (nvd: Third Party Advisory)
- secunia.com/advisories/23260 (nvd: Third Party Advisory)
- secunia.com/advisories/25239 (nvd: Third Party Advisory)
- secunia.com/advisories/29420 (nvd: Third Party Advisory)
- secunia.com/advisories/29849 (nvd: Third Party Advisory)
- secunia.com/advisories/30430 (nvd: Third Party Advisory)
- slackware.com/security/viewer.php (nvd: Third Party Advisory)
- sunsolve.sun.com/search/document.do (nvd: Third Party Advisory)
- www-1.ibm.com/support/search.wss (nvd: Third Party Advisory)
- www.debian.org/security/2006/dsa-1167 (nvd: Third Party Advisory)
- www.gentoo.org/security/en/glsa/glsa-200602-03.xml (nvd: Third Party Advisory)
- www.novell.com/linux/security/advisories/2006_43_apache.html (nvd: Third Party Advisory)
- www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt (nvd: Third Party Advisory)
- www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html (nvd: Third Party Advisory)
- www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html (nvd: Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2006-0158.html (nvd: Third Party Advisory)
- www.securityfocus.com/archive/1/425399/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/445206/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/450315/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/450321/100/0/threaded (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/15834 (nvd: Third Party Advisory, VDB Entry)
- www.trustix.org/errata/2005/0074/ (nvd: Third Party Advisory)
- www.ubuntulinux.org/usn/usn-241-1 (nvd: Third Party Advisory)
- www.us-cert.gov/cas/techalerts/TA08-150A.html (nvd: Third Party Advisory, US Government Resource)
- www.vupen.com/english/advisories/2005/2870 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2006/2423 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2006/3995 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2006/4015 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2006/4300 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2006/4868 (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2008/0924/references (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2008/1246/references (nvd: Third Party Advisory)
- www.vupen.com/english/advisories/2008/1697 (nvd: Third Party Advisory)
- wwwnew.mandriva.com/security/advisories (nvd: Third Party Advisory)
- lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E (nvd: Third Party Advisory)
- patches.sgi.com/support/free/security/advisories/20060101-01-U (nvd: Broken Link)
- docs.info.apple.com/article.html (nvd: Broken Link)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd: Broken Link)
- issues.apache.org/bugzilla/show_bug.cgi (nvd: Issue Tracking)
- lists.apple.com/archives/security-announce/2008//May/msg00001.html (nvd: Mailing List)
- lists.apple.com/archives/security-announce/2008/Mar/msg00001.html (nvd: Mailing List)
- lists.suse.com/archive/suse-security-announce/2007-May/0005.html (nvd: Broken Link)
- lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html (nvd: Broken Link)
- rhn.redhat.com/errata/RHSA-2006-0692.html (nvd: Broken Link)
- secunia.com/advisories/17319 (nvd: Not Applicable, URL Repurposed)
- secunia.com/advisories/18008 (nvd: Not Applicable)
- secunia.com/advisories/18333 (nvd: Not Applicable)
- secunia.com/advisories/18339 (nvd: Not Applicable)
- secunia.com/advisories/18340 (nvd: Not Applicable)
- secunia.com/advisories/18429 (nvd: Not Applicable)
- secunia.com/advisories/18517 (nvd: Not Applicable)
- secunia.com/advisories/18526 (nvd: Not Applicable)
- secunia.com/advisories/18585 (nvd: Not Applicable)
- secunia.com/advisories/18743 (nvd: Not Applicable)
- secunia.com/advisories/19012 (nvd: Not Applicable)
- secunia.com/advisories/20046 (nvd: Not Applicable)
- secunia.com/advisories/20670 (nvd: Not Applicable)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480 (nvd: Broken Link)
News mentions
No linked articles in our index yet.