Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3 (CVSS v2 base)
CVE Id CVE-2005-2088
Last Modified 07 Mar 2011 09:23:22
Published 05 Jul 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-2088

Summary

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
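The following is an added worked example, not code from this page or from the Apache project. It is a minimal HTTP request splitter that frames one constructed byte stream two ways: honouring Content-Length first, as an intermediary might, and honouring Transfer-Encoding: chunked first, as the origin server might. The same bytes come out as one request in the first reading and two in the second, which is the desynchronisation the summary describes. A third run models the behaviour the CHANGES entries cited below attribute to the 1.3.34/2.0.55 fix (Content-Length is removed when Transfer-Encoding is present), after which both readings agree. The hostname, paths and payload are constructed for illustration; no network traffic is sent.

```python
"""Added example for CVE-2005-2088: framing a request that carries both
Content-Length and Transfer-Encoding: chunked, first the ambiguous way and
then with Content-Length discarded as the Apache fix does.  Offline only;
the request bytes are constructed below."""

from dataclasses import dataclass


@dataclass
class Request:
    request_line: str
    headers: dict
    body: bytes


def parse_head(stream: bytes):
    """Split off one request head; return (request_line, headers, rest)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    return lines[0].decode("ascii"), headers, rest


def read_chunked(buf: bytes):
    """Decode a chunked body (no trailer headers); return (body, rest)."""
    body = b""
    while True:
        size_line, _, buf = buf.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            _, _, buf = buf.partition(b"\r\n")  # consume the empty trailer section
            return body, buf
        body += buf[:size]
        buf = buf[size + 2:]  # skip chunk data and its trailing CRLF


def split_requests(stream: bytes, prefer: str, strip_cl_when_te: bool = False):
    """Cut a pipelined byte stream into requests.

    prefer: header that decides body length when both are present,
    "content-length" or "chunked".  strip_cl_when_te models the fix:
    Content-Length is dropped whenever Transfer-Encoding is present, so the
    conflicting header never reaches the framing decision.
    """
    requests = []
    while stream:
        request_line, headers, rest = parse_head(stream)
        te = headers.get("transfer-encoding", "")
        if strip_cl_when_te and te:
            headers.pop("content-length", None)
        cl = headers.get("content-length")
        if "chunked" in te.lower() and (cl is None or prefer == "chunked"):
            body, stream = read_chunked(rest)
        elif cl is not None:
            n = int(cl)
            body, stream = rest[:n], rest[n:]
        else:
            body, stream = b"", rest
        requests.append(Request(request_line, headers, body))
    return requests


# Constructed second request hidden inside the first one's body.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: victim.example\r\n\r\n"


def build_poisoned_request() -> bytes:
    """Constructed request: Content-Length covers the whole body, including the
    hidden request, while the chunked reading stops at the 0-size chunk and
    leaves the hidden request as the next one on the wire."""
    body = b"0\r\n\r\n" + SMUGGLED
    head = (
        b"POST /search HTTP/1.1\r\n"
        b"Host: victim.example\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n"
    )
    return head + body


def request_lines(stream: bytes, prefer: str, strip_cl_when_te: bool = False):
    """Request lines seen by a parser with the given precedence rule."""
    return [r.request_line for r in split_requests(stream, prefer, strip_cl_when_te)]


if __name__ == "__main__":
    wire = build_poisoned_request()
    print("Content-Length first :", request_lines(wire, "content-length"))
    print("chunked first        :", request_lines(wire, "chunked"))
    print("after the fix        :", request_lines(wire, "content-length", True))
```

The intermediary that honours Content-Length sees a single POST whose body happens to end in `GET /admin ...`, so any cache or WAF logic it applies is applied to `/search` only; the origin that honours chunked encoding sees the POST with an empty body followed by a second request for `/admin`. Removing Content-Length when Transfer-Encoding is present makes every hop frame the stream identically; RFC 7230 §3.3.3 additionally allows a server to reject such a request outright with 400, which is the stricter choice for a front-end proxy.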

Vulnerable Systems

Application

  • Apache Http Server 1.3.29

  • Apache Http Server 1.3.30

  • Apache Http Server 1.3.31

  • Apache Http Server 1.3.32

  • Apache Http Server 1.3.33

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54


References

HP - SSRT051128

MISC - http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

VUPEN - ADV-2006-4680

VUPEN - ADV-2006-1018

VUPEN - ADV-2006-0789

VUPEN - ADV-2005-2659

VUPEN - ADV-2005-2140

UBUNTU - USN-160-2

BID - 15647

BID - 14106

HP - HPSBUX02074

MISC - http://www.securiteam.com/securityreviews/5GP0220G0U.html

REDHAT - RHSA-2005:582

DEBIAN - DSA-805

DEBIAN - DSA-803

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_2.0

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_1.3

AIXAPAR - PK16139

AIXAPAR - PK13959

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

SUNALERT - 102198

SUNALERT - 102197

SLACKWARE - SSA:2005-310-04

SECTRACK - 1014323

SECUNIA - 19317

SECUNIA - 19185

SECUNIA - 19073

SECUNIA - 19072

SECUNIA - 17813

SECUNIA - 17487

SECUNIA - 17319

SECUNIA - 14530

BUGTRAQ - 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling

MLIST - [apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released

TRUSTIX - TSLSA-2005-0059

APPLE - APPLE-SA-2005-11-29

CONFIRM - https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

SUSE - SUSE-SA:2005:046

SUSE - SUSE-SR:2005:018

MANDRIVA - MDKSA-2005:130

SREASON - 604

SECUNIA - 23074

HP - HPSBUX02101

HP - SSRT051251


Last Updated: 27 May 2016 10:40:44