CVE-2005-3751 Information

Description

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches bypass web application firewall protection and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

Reference

http://secunia.com/advisories/18367 http://secunia.com/advisories/18381 http://secunia.com/advisories/20215 http://secunia.com/advisories/20510 http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=11129827166000 http://www.debian.org/security/2005/dsa-934 http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml http://www.novell.com/linux/security/advisories/2006_05_19.html