4.3

CVE-2005-3751

EPSS 1.77%
Veröffentlicht 22.11.2005 20:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apsis ≫ Pound Version <= 1.9.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.77%	0.81

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/18381

Vendor Advisory

http://www.debian.org/security/2005/dsa-934

http://secunia.com/advisories/18367

Vendor Advisory

http://secunia.com/advisories/20215

Vendor Advisory

http://secunia.com/advisories/20510

Vendor Advisory

http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000

http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml

http://www.novell.com/linux/security/advisories/2006_05_19.html

https://nvd.nist.gov/vuln/detail/CVE-2005-3751

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3751

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3751

EUVD