The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
http://docs.info.apple.com/article.html?artnum=302847
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://secunia.com/advisories/14530
http://secunia.com/advisories/17319
http://secunia.com/advisories/17487
http://secunia.com/advisories/17813
http://secunia.com/advisories/19072
http://secunia.com/advisories/19073
http://secunia.com/advisories/19185
http://secunia.com/advisories/19317
http://secunia.com/advisories/23074
http://securityreason.com/securityalert/604
http://securitytracker.com/id?1014323
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.debian.org/security/2005/dsa-803
http://www.debian.org/security/2005/dsa-805
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.novell.com/linux/security/advisories/2005_46_apache.html
http://www.redhat.com/support/errata/RHSA-2005-582.html
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.securityfocus.com/archive/1/428138/100/0/threaded
http://www.securityfocus.com/bid/14106
http://www.securityfocus.com/bid/15647
http://www.ubuntu.com/usn/usn-160-2
http://www.vupen.com/english/advisories/2005/2140
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2006/0789
http://www.vupen.com/english/advisories/2006/1018
http://www.vupen.com/english/advisories/2006/4680
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2005-2088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
https://www.cve.org/CVERecord?id=CVE-2005-2088
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2005-06-30T04:00:00

Updated: 2024-08-07T22:15:37.424Z

Reserved: 2005-06-30T00:00:00

Link: CVE-2005-2088

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2005-07-05T04:00:00.000

Modified: 2024-02-09T02:40:37.067

Link: CVE-2005-2088

Redhat

Severity: Moderate

Published Date: 2005-06-12T00:00:00Z

Links: CVE-2005-2088 - Bugzilla