4.3

CVE-2005-2090

Exploit
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version4.1.24
ApacheTomcat Version5.0.19
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 29.78% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-4.html
Vendor Advisory
http://secunia.com/advisories/30899
Third Party Advisory
Permissions Required
http://secunia.com/advisories/30908
Third Party Advisory
Permissions Required
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
Broken Link
http://www.vupen.com/english/advisories/2008/1979/references
Permissions Required
http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory
http://docs.info.apple.com/article.html?artnum=306172
Broken Link
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/26235
Third Party Advisory
Permissions Required
http://www.securityfocus.com/bid/25159
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/2732
Permissions Required
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Third Party Advisory
Mailing List
http://www.securiteam.com/securityreviews/5GP0220G0U.html
Third Party Advisory
Exploit
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
Third Party Advisory
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
Third Party Advisory
http://secunia.com/advisories/26660
Third Party Advisory
Permissions Required
http://secunia.com/advisories/27037
Third Party Advisory
Permissions Required
http://secunia.com/advisories/28365
Third Party Advisory
Permissions Required
http://secunia.com/advisories/29242
Third Party Advisory
Permissions Required
http://secunia.com/advisories/33668
Third Party Advisory
Permissions Required
http://securitytracker.com/id?1014365
Third Party Advisory
VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
Third Party Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
Third Party Advisory
Broken Link
http://tomcat.apache.org/security-5.html
Vendor Advisory
http://tomcat.apache.org/security-6.html
Vendor Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0327.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0360.html
Third Party Advisory
http://www.securityfocus.com/archive/1/485938/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/500396/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/500412/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/13873
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/3087
Permissions Required
http://www.vupen.com/english/advisories/2007/3386
Permissions Required
http://www.vupen.com/english/advisories/2008/0065
Permissions Required
http://www.vupen.com/english/advisories/2009/0233
Permissions Required
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
Third Party Advisory