CVE-2005-2088

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

http://www.securiteam.com/securityreviews/5GP0220G0U.html

http://securitytracker.com/id?1014323

http://www.debian.org/security/2005/dsa-803

http://www.debian.org/security/2005/dsa-805

http://www.ubuntu.com/usn/usn-160-2

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://docs.info.apple.com/article.html?artnum=302847

http://www.securityfocus.com/bid/15647

http://secunia.com/advisories/17813

http://secunia.com/advisories/14530

http://secunia.com/advisories/17487

http://www.securityfocus.com/bid/14106

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://secunia.com/advisories/19072

http://secunia.com/advisories/19073

http://www.redhat.com/support/errata/RHSA-2005-582.html

http://www.apache.org/dist/httpd/CHANGES_1.3

http://www.apache.org/dist/httpd/CHANGES_2.0

http://secunia.com/advisories/19317

http://secunia.com/advisories/17319

http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://secunia.com/advisories/19185

http://www.novell.com/linux/security/advisories/2005_46_apache.html

http://www.novell.com/linux/security/advisories/2005_18_sr.html

https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

http://secunia.com/advisories/23074

http://www.mandriva.com/security/advisories?name=MDKSA-2005:130

http://securityreason.com/securityalert/604

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2006/1018

http://www.vupen.com/english/advisories/2005/2140

http://www.vupen.com/english/advisories/2006/4680

http://www.vupen.com/english/advisories/2005/2659

http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452

http://www.securityfocus.com/archive/1/428138/100/0/threaded

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2005-07-05

Updated: 2021-06-06

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
127360NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)NessusNewStart CGSL Local Security Checks
critical
31656Apache < 2.0.55 Multiple VulnerabilitiesNessusWeb Servers
high
21843CentOS 3 / 4 : httpd (CESA-2005:582)NessusCentOS Local Security Checks
medium
21113HP-UX PHSS_34204 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21112HP-UX PHSS_34203 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21111HP-UX PHSS_34171 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21110HP-UX PHSS_34170 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21109HP-UX PHSS_34169 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21108HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)NessusHP-UX Local Security Checks
high
21107HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)NessusHP-UX Local Security Checks
high
21106HP-UX PHSS_34121 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21105HP-UX PHSS_34120 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
21104HP-UX PHSS_34119 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)NessusHP-UX Local Security Checks
medium
20566Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)NessusUbuntu Local Security Checks
medium
20565Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)NessusUbuntu Local Security Checks
medium
3308Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Nessus Network MonitorOperating System Detection
high
20249Mac OS X Multiple Vulnerabilities (Security Update 2005-009)NessusMacOS X Local Security Checks
high
20151Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)NessusSlackware Local Security Checks
medium
19890Mandrake Linux Security Advisory : apache (MDKSA-2005:130)NessusMandriva Local Security Checks
medium
19889Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)NessusMandriva Local Security Checks
medium
19612Debian DSA-805-1 : apache2 - several vulnerabilitiesNessusDebian Local Security Checks
critical
19610Debian DSA-803-1 : apache - programming errorNessusDebian Local Security Checks
medium
19346FreeBSD : apache -- http request smuggling (651996e0-fe07-11d9-8329-000e0c2e438a)NessusFreeBSD Local Security Checks
medium
3112Apache < 2.0.55 HTTP Smuggling VulnerabilityNessus Network MonitorWeb Servers
high
19296RHEL 3 / 4 : httpd (RHSA-2005:582)NessusRed Hat Local Security Checks
medium
3042Apache HTTP Request Parsing HTML Injection Nessus Network MonitorWeb Servers
high
800798Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Log Correlation EngineOperating System Detection
high
800576Apache HTTP Request Parsing HTML Injection Log Correlation EngineWeb Servers
high
800556Apache < 2.0.55 HTTP Smuggling VulnerabilityLog Correlation EngineWeb Servers
high