CVE-2005-3352 — apache - missing input sanitising

Description

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

How to fix CVE-2005-3352

To remediate CVE-2005-3352, upgrade the affected package to a fixed version below.

Debian/apache—upgrade to 1.3.33-6sarge3 or later
Debian/apache2—upgrade to 2.0.55-4 or later

Is CVE-2005-3352 being exploited?

Moderate — EPSS is 28.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 1.3.33-6sarge3
from 0, < 2.0.55-4

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-3352