English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2007-56
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 25 Dec 2007
 Last revised: 25 Dec 2007

 Package: httpd

 Summary: Cross-site scripting (XSS) vulnerability

 More information:
    Apache is a powerful, full-featured, efficient, and freely-available
    Web server. Apache is also the most popular Web server on the Internet.

    The Cross-site scripting exists in mod_imagemap(mod_imap) of httpd.

 Impact:
    This vulnerability can be exploited to execute arbitrary HTML and script code
    in a user's browser session in context of an affected site.

 Affected Products:
    - Turbolinux 11 Server x64 Edition
    - Turbolinux 11 Server
    - Turbolinux Appliance Server 2.0
    - Turbolinux FUJI
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server


 <Turbolinux 11 Server x64 Edition>
 
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-7.src.rpm
      4768026 656be5c7c3ea462bb3ce1a2f7b0dbb7b

   Binary Packages
   Size: MD5

   httpd-2.2.6-7.x86_64.rpm
      1248818 f0033814e5f5ced30620ba851c623393
   httpd-devel-2.2.6-7.x86_64.rpm
       152878 ce090d88d58671f7f20dead0d77e2dc2
   httpd-manual-2.2.6-7.x86_64.rpm
       858560 57548aa697d2b476ba7b7b49553d0c7e
   mod_ssl-2.2.6-7.x86_64.rpm
        89528 bc97d8530b30f27793e64b2b39786427

 <Turbolinux 11 Server>
 
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-7.src.rpm
      4768026 aa1928c5169955051d4518eb061df352

   Binary Packages
   Size: MD5

   httpd-2.2.6-7.i686.rpm
      1176265 fb4f0f23f4edbe58b7645185c86ac607
   httpd-devel-2.2.6-7.i686.rpm
       152971 a1dbe5735020e31e5484a317db2875fa
   httpd-manual-2.2.6-7.i686.rpm
       857634 71b1834710902e8dcdc010ee139f4d2a
   mod_ssl-2.2.6-7.i686.rpm
        85239 59839ce5436d7c23721a60403b348dc1

 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   httpd-2.0.51-34.src.rpm
      6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2

   Binary Packages
   Size: MD5

   httpd-2.0.51-34.i586.rpm
      1033631 a24b2f4030e1b1fe24ac80e3f63f696e
   httpd-devel-2.0.51-34.i586.rpm
       225349 94fc2636c637aa761a59dff1da673db3
   httpd-manual-2.0.51-34.i586.rpm
      1133107 c5167124ee98eb643c53b014d72aa32b
   mod_bwshare-2.0.51-34.i586.rpm
        41541 20052bc35904a1f94beeb089e71ebcd6
   mod_ssl-2.0.51-34.i586.rpm
        89502 304f3e7cc65c3827a78ed11e1e41a990

 <Turbolinux FUJI>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-20.src.rpm
      7622511 f8c29791207679914b539f606c7ca180

   Binary Packages
   Size: MD5

   httpd-2.0.54-20.i686.rpm
      1266041 10a5b0824b8440f10eb89faede1529e6
   httpd-devel-2.0.54-20.i686.rpm
       276954 3c8613c2d52cd3388ed5eb7b517ec156

 <Turbolinux 10 Server x64 Edition>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-34.src.rpm
      6856770 cc92e836cd03e95354aa14b911720825

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-34.x86_64.rpm
      1142725 610c87689f917404a5101437de64cd21
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-34.x86_64.rpm
      3534277 32d9852790edadbc136eced38cf7cba9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-34.x86_64.rpm
       225364 2e509f767528a79d57fa41dbc4566c7b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-34.x86_64.rpm
      1133043 d40faa2e10b587241ed4c346745c4f30
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-34.x86_64.rpm
        42290 499fd23019174cd0e16ee6a268f6d283
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-34.x86_64.rpm
        97149 c6afb487a309d7fee75c1359c4f5a857

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   apache-1.3.27-43.src.rpm
      3116264 4528a2265449d98613689c072d36677b

   Binary Packages
   Size: MD5

   apache-1.3.27-43.i586.rpm
       538420 a5f9a7dcc6d3bbfb5c1607a4c8930d91
   apache-devel-1.3.27-43.i586.rpm
        95867 f83b73bdc73ee03d11e2bb0b6b916e3f
   mod_ssl-2.8.14-43.i586.rpm
       183419 041879877f7430482d768eed3d8ed024

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   apache-1.3.27-43.src.rpm
      3116264 5a27a6c1f4f463d9122f28ffa7f288ad

   Binary Packages
   Size: MD5

   apache-1.3.27-43.i586.rpm
       504423 c519db3ae7e6f8258b208e0e0b292bee
   apache-devel-1.3.27-43.i586.rpm
        96043 825bb5655ad66d3b09abd4400bab4769
   mod_ssl-2.8.14-43.i586.rpm
       183569 eacb744774f62f08f83181fb3706b0ac

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-34.src.rpm
      6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2

   Binary Packages
   Size: MD5

   httpd-2.0.51-34.i586.rpm
      1033631 a24b2f4030e1b1fe24ac80e3f63f696e
   httpd-debug-2.0.51-34.i586.rpm
      3541682 0697d5377ebb06565b297ab63695fe61
   httpd-devel-2.0.51-34.i586.rpm
       225349 94fc2636c637aa761a59dff1da673db3
   httpd-manual-2.0.51-34.i586.rpm
      1133107 c5167124ee98eb643c53b014d72aa32b
   mod_bwshare-2.0.51-34.i586.rpm
        41541 20052bc35904a1f94beeb089e71ebcd6
   mod_ssl-2.0.51-34.i586.rpm
        89502 304f3e7cc65c3827a78ed11e1e41a990

 <Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-22.src.rpm
      6325021 195458fdb61043b1ea16fb4ddeaecf2e

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-22.i586.rpm
       893150 60673f331c498beff6bb1e62bf768475

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-43.src.rpm
      3116264 d1cfc40f44eb05aa00570e0f15adf402

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-43.i586.rpm
       504350 7175fbf7b0f22e14c6a4a4d4b7298de1
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-43.i586.rpm
        96084 2cff7232945848d35030cd4b8e1ca78b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-43.i586.rpm
       852222 a1c4c9cba476704e0220487f88c5c47f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-43.i586.rpm
       183501 0132270e19bcaa1cb5608b5688ce9b81


 References:

 CVE
   [CVE-2007-5000]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

 --------------------------------------------------------------------------
 Revision History
    25 Dec 2007 Initial release
 --------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHcN4YK0LzjOqIJMwRAsxHAJ9n3UasZW5ukNeaCRR+A1HjWYFLwQCgqBDQ
KPXVvvq+/1FjX/7wZkss8o0=
=j6mt
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.