FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2088

This CVE name corresponds to:

Entered     Topic
2005-07-26  apache -- http request smuggling

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:  Candidate
Name:  CVE-2005-2088
Phase: Assigned (20050630)

Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References

Source Reference
BUGTRAQ 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
MISC http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
MISC http://www.securiteam.com/securityreviews/5GP0220G0U.html
MLIST [apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released
CONFIRM http://www.apache.org/dist/httpd/CHANGES_1.3
CONFIRM http://www.apache.org/dist/httpd/CHANGES_2.0
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
AIXAPAR PK13959
AIXAPAR PK16139
APPLE APPLE-SA-2005-11-29
DEBIAN DSA-803
DEBIAN DSA-805
HP HPSBUX02074
HP SSRT051251
HP HPSBUX02101
HP SSRT051128
MANDRIVA MDKSA-2005:130
REDHAT RHSA-2005:582
SLACKWARE SSA:2005-310-04
SUNALERT 102197
SUNALERT 102198
SUSE SUSE-SA:2005:046
SUSE SUSE-SR:2005:018
TRUSTIX TSLSA-2005-0059
UBUNTU USN-160-2
BID 14106
BID 15647
OVAL oval:org.mitre.oval:def:11452
VUPEN ADV-2005-2140
VUPEN ADV-2005-2659
VUPEN ADV-2006-0789
VUPEN ADV-2006-1018
VUPEN ADV-2006-4680
OVAL oval:org.mitre.oval:def:840
OVAL oval:org.mitre.oval:def:1526
OVAL oval:org.mitre.oval:def:1629
OVAL oval:org.mitre.oval:def:1237
SECTRACK 1014323
SECUNIA 17813
SECUNIA 14530
SECUNIA 17487
SECUNIA 19072
SECUNIA 19073
SECUNIA 19317
SECUNIA 17319
SECUNIA 19185
SECUNIA 23074
SREASON 604