CVE

CVE-2005-2088
Date: (C)2005-07-05   (M)2024-02-16


The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1014323
SUNALERT-102197
SUNALERT-102198
BID-14106
SECUNIA-14530
BID-15647
SECUNIA-17319
SECUNIA-17487
SECUNIA-17813
SECUNIA-19072
SECUNIA-19073
SECUNIA-19185
SECUNIA-19317
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
SECUNIA-23074
SREASON-604
ADV-2005-2140
ADV-2005-2659
ADV-2006-0789
ADV-2006-1018
ADV-2006-4680
APPLE-SA-2005-11-29
DSA-803
DSA-805
HPSBUX02101
MDKSA-2005:130
PK13959
PK16139
RHSA-2005:582
SSA:2005-310-04
SSRT051251
SUSE-SA:2005:046
SUSE-SR:2005:018
TSLSA-2005-0059
USN-160-2
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
oval:org.mitre.oval:def:11452
oval:org.mitre.oval:def:1237
oval:org.mitre.oval:def:1526
oval:org.mitre.oval:def:1629
oval:org.mitre.oval:def:840

CWE    1
CWE-444

© SecPod Technologies