4.3

CVE-2005-2088

Exploit
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.0.35 < 2.0.55
DebianDebian Linux Version3.0
DebianDebian Linux Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.46% 0.972
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
http://www.apache.org/dist/httpd/CHANGES_2.0
Vendor Advisory
Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
http://www.apache.org/dist/httpd/CHANGES_1.3
Vendor Advisory
Broken Link
http://secunia.com/advisories/19072
Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Third Party Advisory
http://www.vupen.com/english/advisories/2006/0789
Broken Link
Permissions Required
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
Vendor Advisory
Mailing List
http://www.novell.com/linux/security/advisories/2005_18_sr.html
Broken Link
http://secunia.com/advisories/19073
Not Applicable
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
Broken Link
http://secunia.com/advisories/19185
Not Applicable
http://docs.info.apple.com/article.html?artnum=302847
Broken Link
http://secunia.com/advisories/17813
Not Applicable
http://www.securityfocus.com/bid/15647
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2005/2659
Broken Link
Permissions Required
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Broken Link
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
Third Party Advisory
Mailing List
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/14530
Not Applicable
http://secunia.com/advisories/17319
Not Applicable
http://secunia.com/advisories/17487
Not Applicable
http://secunia.com/advisories/19317
Not Applicable
http://secunia.com/advisories/23074
Not Applicable
http://securityreason.com/securityalert/604
Third Party Advisory
Exploit
http://securitytracker.com/id?1014323
Third Party Advisory
Broken Link
VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
Third Party Advisory
Broken Link
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
Third Party Advisory
Broken Link
http://www.debian.org/security/2005/dsa-803
Third Party Advisory
Mailing List
http://www.debian.org/security/2005/dsa-805
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_46_apache.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-582.html
Third Party Advisory
Broken Link
http://www.securiteam.com/securityreviews/5GP0220G0U.html
Exploit
Broken Link
http://www.securityfocus.com/archive/1/428138/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/14106
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-160-2
Broken Link
http://www.vupen.com/english/advisories/2005/2140
Broken Link
Permissions Required
http://www.vupen.com/english/advisories/2006/1018
Broken Link
Permissions Required
http://www.vupen.com/english/advisories/2006/4680
Broken Link
Permissions Required
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
Third Party Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
Third Party Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
Third Party Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
Third Party Advisory
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Third Party Advisory
Broken Link
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
Broken Link