CVE-2005-2088

MEDIUM

Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References

http://docs.info.apple.com/article.html?artnum=302847

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

http://secunia.com/advisories/14530

http://secunia.com/advisories/17319

http://secunia.com/advisories/17487

http://secunia.com/advisories/17813

http://secunia.com/advisories/19072

http://secunia.com/advisories/19073

http://secunia.com/advisories/19185

http://secunia.com/advisories/19317

http://secunia.com/advisories/23074

http://securityreason.com/securityalert/604

http://securitytracker.com/id?1014323

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://www.apache.org/dist/httpd/CHANGES_1.3

http://www.apache.org/dist/httpd/CHANGES_2.0

http://www.debian.org/security/2005/dsa-803

http://www.debian.org/security/2005/dsa-805

http://www.mandriva.com/security/advisories?name=MDKSA-2005:130

http://www.novell.com/linux/security/advisories/2005_18_sr.html

http://www.novell.com/linux/security/advisories/2005_46_apache.html

http://www.redhat.com/support/errata/RHSA-2005-582.html

http://www.securiteam.com/securityreviews/5GP0220G0U.html

http://www.securityfocus.com/archive/1/428138/100/0/threaded

http://www.securityfocus.com/bid/14106

http://www.securityfocus.com/bid/15647

http://www.ubuntu.com/usn/usn-160-2

http://www.vupen.com/english/advisories/2005/2140

http://www.vupen.com/english/advisories/2005/2659

http://www.vupen.com/english/advisories/2006/0789

http://www.vupen.com/english/advisories/2006/1018

http://www.vupen.com/english/advisories/2006/4680

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only

http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840

https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

Details

Source: MITRE

Published: 2005-07-05

Updated: 2018-10-19

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM