A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server’s mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.一跨站点脚本(的XSS )漏洞已被发现在阿帕奇的httpd服务器的mod_imap模块,允许远程攻击者注入任意Web脚本或HTML通过referer当使用影像地图。

Input passed to the image map “Referer” directive in “mod_imap” isn’t properly sanitised before being returned to the user.输入传递到影像地图“ referer ”指令,在“ mod_imap ”是不正确sanitised之前返回给用户。 This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.这可以被利用来执行任意HTML和脚本代码在用户的浏览器在会议的背景下,受影响网站的。

The vulnerability has been reported in versions 1.3.0 through 1.3.34, and versions 2.0.35 through 2.0.55.的脆弱性,已报告在版本1.3.0通过1.3.34 , 2.0.35版本通过2.0.55 。

The vulnerability has been fixed in version 1.3.35-dev, and 2.0.56-dev.该漏洞已被固定在版本1.3.35 - dev的,和2.0.56 - dev的。

Link链接

It affects pretty much all platforms as far as I could check.它影响相当所有平台,据我可以检查。