Mandrake Linux Security Advisory : apache (MDKSA-2005:130)
Medium Nessus Plugin ID 19890
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header, which would cause Apache to incorrectly handle and forward the body of the request in a way that the receiving server processed it as a separate HTTP request. This could be used to allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks (CVE-2005-2088).
The updated packages have been patched to prevent these issues.
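The following check is an added example, not part of the advisory or of the Apache patch: it classifies a raw request by how its body length is declared, so that a proxy front end or a log pipeline can refuse or flag the ambiguous header combination described above. The function name, verdict strings and sample requests are assumptions constructed for illustration.

```python
import re

# Constructed sample requests (not taken from the advisory).
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
             b"5\r\nhello\r\n0\r\n\r\n")
CHUNKED_ONLY = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
LENGTH_ONLY = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
               b"Content-Length: 5\r\n\r\nhello")


def framing_verdict(raw: bytes) -> str:
    """Classify a raw HTTP request by how its body length is declared."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    chunked, lengths = False, []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        # No colon, an empty name, or whitespace around the name (including
        # folded continuation lines) is read differently by different servers.
        if not sep or not name or name != name.strip():
            return "reject-malformed"
        name, value = name.lower(), value.strip()
        if name == "transfer-encoding":
            codings = [c.strip().lower() for c in value.split(",")]
            chunked = chunked or "chunked" in codings
        elif name == "content-length":
            if not re.fullmatch(r"[0-9]+", value):
                return "reject-malformed"
            lengths.append(int(value))
    if chunked and lengths:
        return "reject-te-and-cl"  # both framing headers present
    if len(set(lengths)) > 1:
        return "reject-cl-mismatch"  # two lengths that disagree
    return "ok"


if __name__ == "__main__":
    for label, req in [("ambiguous", AMBIGUOUS), ("chunked", CHUNKED_ONLY),
                       ("length", LENGTH_ONLY)]:
        print(label, framing_verdict(req))
```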
Solution
Update the affected packages.