CVE-2005-2088


The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS 2.0 Base Score 4.3. CVSS Access Vector: network. CVSS Access Complexity: medium. Authentication: none. Impact: confidentiality none, integrity partial, availability none. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).
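The description above says the flaw is a framing disagreement: Apache, acting as a proxy, forwarded a request that carried both a Content-Length header and Transfer-Encoding: chunked in a way that let the origin server treat part of the body as a second request. The following is an added example for this page, not Apache httpd code and not taken from any of the references. It shows that desync with two toy HTTP/1.1 framers run over one constructed byte stream: one framer ends the body where Content-Length says, the other where the chunked encoding says, so the same bytes come out as one request on one side and two on the other. The hostname "target" and the path "/admin" are placeholders. The is_ambiguous check is the rule a hardened proxy applies before forwarding: a request with both headers is rejected or re-framed with Content-Length dropped and the chunked body honoured, the precedence RFC 7230 section 3.3.3 later codified.

```python
"""CL/TE desync behind CVE-2005-2088, shown with two toy HTTP/1.1 framers.

Added illustration for this page, not Apache httpd code.  The request bytes
are constructed; "target" and "/admin" are placeholder names.
"""
from __future__ import annotations


def parse_head(stream: bytes) -> tuple[bytes, dict[str, str], bytes]:
    """Return (request line, lower-cased header map, bytes after the blank line)."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0], headers, rest


def body_by_content_length(headers: dict[str, str], rest: bytes) -> tuple[bytes, bytes]:
    """Frame the body the way a Content-Length-only parser would: (body, leftover)."""
    n = int(headers.get("content-length", "0"))
    return rest[:n], rest[n:]


def body_by_chunked(rest: bytes) -> tuple[bytes, bytes]:
    """Frame the body the way a Transfer-Encoding: chunked parser would: (body, leftover)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)   # chunk size in hex; ignore extensions
        if size == 0:
            _, _, rest = rest.partition(b"\r\n")     # skip the (empty) trailer section
            return body, rest
        body += rest[:size]
        rest = rest[size + 2:]                       # drop chunk data and its trailing CRLF


def frame_requests(stream: bytes, framing: str) -> list[bytes]:
    """Carve one TCP stream into request lines as a parser using `framing` would.

    "content-length": the pre-fix proxy view this CVE describes; Content-Length
                      decides where the body ends even when chunked TE is present.
    "chunked":        Transfer-Encoding wins whenever it is present (RFC 7230 rule).
    """
    request_lines: list[bytes] = []
    while b"\r\n\r\n" in stream:                     # stop on an incomplete head
        request_line, headers, rest = parse_head(stream)
        chunked = "chunked" in headers.get("transfer-encoding", "").lower()
        if framing == "chunked" and chunked:
            _, stream = body_by_chunked(rest)
        else:
            _, stream = body_by_content_length(headers, rest)
        request_lines.append(request_line)
    return request_lines


def is_ambiguous(headers: dict[str, str]) -> bool:
    """True when a request carries both Content-Length and a chunked Transfer-Encoding.

    A hardened proxy must resolve this before forwarding: reject the request, or
    drop Content-Length and re-frame the body as chunked, so it and the origin
    server cannot disagree on where one message ends and the next begins.
    """
    te = headers.get("transfer-encoding", "").lower()
    return "content-length" in headers and "chunked" in te


def build_smuggling_stream() -> bytes:
    """Constructed attacker stream: a POST whose chunked body terminates at once,
    followed by a second request that lies inside the Content-Length span."""
    hidden = b"GET /admin HTTP/1.1\r\nHost: target\r\n\r\n"
    body = b"0\r\n\r\n" + hidden             # zero-length chunk, then the smuggled request
    return b"".join([
        b"POST / HTTP/1.1\r\n",
        b"Host: target\r\n",
        b"Content-Length: %d\r\n" % len(body),  # covers the hidden request too
        b"Transfer-Encoding: chunked\r\n",
        b"\r\n",
        body,
    ])


if __name__ == "__main__":
    stream = build_smuggling_stream()
    print("proxy view (Content-Length):", frame_requests(stream, "content-length"))
    print("origin view (chunked):      ", frame_requests(stream, "chunked"))
    print("ambiguous framing:", is_ambiguous(parse_head(stream)[1]))
```

Run directly, the Content-Length framing yields a single POST while the chunked framing yields the POST followed by the GET. In the scenario the description gives, the first is the proxy's view and the second the origin's: the proxy forwards what it believes is one request, the origin executes two, and the second carries whatever the attacker placed after the zero chunk, which is what makes the cache poisoning and filter bypass listed above possible. Reading Content-Length with int() raises on a non-numeric value; a production parser would reject such a request outright rather than guess.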

Overview

Type

Apache Software Foundation Apache HTTP Server

First reported

2005-07-05 04:00:00

Last updated

2018-10-19 15:32:00

Affected Software

Apache Software Foundation Apache HTTP Server 1.3.29

Apache Software Foundation Apache HTTP Server 1.3.30

Apache Software Foundation Apache HTTP Server 1.3.31

Apache Software Foundation Apache HTTP Server 1.3.32

Apache Software Foundation Apache HTTP Server 1.3.33

Apache Software Foundation Apache HTTP Server 2.0.45

Apache Software Foundation Apache HTTP Server 2.0.46

Apache Software Foundation Apache HTTP Server 2.0.47

Apache Software Foundation Apache HTTP Server 2.0.48

Apache Software Foundation Apache HTTP Server 2.0.49

Apache Software Foundation Apache HTTP Server 2.0.50

Apache Software Foundation Apache HTTP Server 2.0.51

Apache Software Foundation Apache HTTP Server 2.0.52

Apache Software Foundation Apache HTTP Server 2.0.53

Apache Software Foundation Apache HTTP Server 2.0.54

References

APPLE-SA-2005-11-29

TSLSA-2005-0059

[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released

20050606 A new whitepaper by Watchfire - HTTP Request Smuggling

14530

17319

17487

17813

19072

19073

19185

19317

23074

604

1014323

SSA:2005-310-04

102197

102198

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

http://www.apache.org/dist/httpd/CHANGES_1.3

http://www.apache.org/dist/httpd/CHANGES_2.0

DSA-803

DSA-805

MDKSA-2005:130

SUSE-SR:2005:018

SUSE-SA:2005:046

RHSA-2005:582

http://www.securiteam.com/securityreviews/5GP0220G0U.html

SSRT051251

14106

15647

USN-160-2

ADV-2005-2140

ADV-2005-2659

ADV-2006-0789

ADV-2006-1018

ADV-2006-4680

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

PK13959

PK16139

HPSBUX02101

[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11452

oval:org.mitre.oval:def:1237

oval:org.mitre.oval:def:1526

oval:org.mitre.oval:def:1629

oval:org.mitre.oval:def:840

https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
