4.3

CVE-2005-2088

Exploit

EPSS 60.13%
Published 05.07.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source secalert@redhat.com
Teams watchlist Login
Open Login

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Affected products Warnungen 0 Metrics 2 CWE 1 References 62

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.0.35 < 2.0.55

Debian ≫ Debian Linux Version3.0

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	60.13%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

http://www.apache.org/dist/httpd/CHANGES_2.0

Vendor Advisory

Broken Link

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

http://www.apache.org/dist/httpd/CHANGES_1.3

Vendor Advisory

Broken Link

http://secunia.com/advisories/19072

Not Applicable

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

Third Party Advisory

http://www.vupen.com/english/advisories/2006/0789

Broken Link

Permissions Required

https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

Vendor Advisory

Mailing List

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Broken Link

http://secunia.com/advisories/19073

Not Applicable

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1

Broken Link

http://secunia.com/advisories/19185

Not Applicable

http://docs.info.apple.com/article.html?artnum=302847

Broken Link

http://secunia.com/advisories/17813

Not Applicable

http://www.securityfocus.com/bid/15647

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2005/2659

Broken Link

Permissions Required

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

Broken Link

http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3

Third Party Advisory

Mailing List

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/14530

Not Applicable

http://secunia.com/advisories/17319

Not Applicable

http://secunia.com/advisories/17487

Not Applicable

http://secunia.com/advisories/19317

Not Applicable

http://secunia.com/advisories/23074

Not Applicable

http://securityreason.com/securityalert/604

Third Party Advisory

Exploit

http://securitytracker.com/id?1014323

Third Party Advisory

Broken Link

VDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000

Third Party Advisory

http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only

Third Party Advisory

Broken Link

http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only

Third Party Advisory

Broken Link

http://www.debian.org/security/2005/dsa-803

Third Party Advisory

Mailing List

http://www.debian.org/security/2005/dsa-805

Third Party Advisory

Mailing List

http://www.mandriva.com/security/advisories?name=MDKSA-2005:130

Third Party Advisory

http://www.novell.com/linux/security/advisories/2005_46_apache.html

Broken Link

http://www.redhat.com/support/errata/RHSA-2005-582.html

Third Party Advisory

Broken Link

http://www.securiteam.com/securityreviews/5GP0220G0U.html

Exploit

Broken Link

http://www.securityfocus.com/archive/1/428138/100/0/threaded

Third Party Advisory

Broken Link

VDB Entry

http://www.securityfocus.com/bid/14106

Third Party Advisory

Broken Link

VDB Entry

http://www.ubuntu.com/usn/usn-160-2

Broken Link

http://www.vupen.com/english/advisories/2005/2140

Broken Link

Permissions Required

http://www.vupen.com/english/advisories/2006/1018

Broken Link

Permissions Required

http://www.vupen.com/english/advisories/2006/4680

Broken Link

Permissions Required

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

Broken Link

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629

Third Party Advisory

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840

Third Party Advisory

Broken Link

https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2005-2088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2088

EUVD