CVE-2005-2088 - HTTP Request Smuggling vulnerability in multiple products
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN
Summary
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP Request Splitting: HTTP Request Splitting (also known as HTTP Request Smuggling) is an attack pattern where an attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request in such a way that the browser interprets it as one request but the web server interprets it as two. There are several ways to perform HTTP request splitting attacks. One way is to include double Content-Length headers in the request to exploit the fact that the devices parsing the request may each use a different header. Another way is to submit an HTTP request with a "Transfer-Encoding: chunked" in the request header set with setRequestHeader to allow a payload in the HTTP Request that can be considered as another HTTP Request by a subsequent parsing entity. A third way is to use the "Double CR in an HTTP header" technique. There are also a few less general techniques targeting specific parsing vulnerabilities in certain web servers.
- HTTP Request Smuggling: HTTP Request Smuggling results from the discrepancies in parsing HTTP requests between HTTP entities such as web caching proxies or application firewalls. Entities such as web servers, web caching proxies, application firewalls or simple proxies often parse HTTP requests in slightly different ways. Under specific situations where there are two or more such entities in the path of the HTTP request, a specially crafted request is seen by two attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.
Nessus
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34123.NASL
  description: s700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21107
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21107
  title: HP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34120.NASL
  description: s700_800 11.04 Virtualvault 4.6 OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21105
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21105
  title: HP-UX PHSS_34120 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-803.NASL
  description: A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request. The fix for this bug is contained in the apache-common package which means that there isn
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19610
  published: 2005-09-12
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19610
  title: Debian DSA-803-1 : apache - programming error
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRAKE_MDKSA-2005-129.NASL
  description: Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CVE-2005-1268). Watchfire reported a flaw that occurred when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19889
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19889
  title: Mandrake Linux Security Advisory : apache2 (MDKSA-2005:129)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-160-1.NASL
  description: Marc Stern discovered a buffer overflow in the SSL module
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 20565
  published: 2006-01-15
  reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/20565
  title: Ubuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2005-582.NASL
  description: Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19296
  published: 2005-07-25
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19296
  title: RHEL 3 / 4 : httpd (RHSA-2005:582)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34163.NASL
  description: s700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21108
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21108
  title: HP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34121.NASL
  description: s700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21106
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21106
  title: HP-UX PHSS_34121 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRAKE_MDKSA-2005-130.NASL
  description: Watchfire reported a flaw that occurred when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19890
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19890
  title: Mandrake Linux Security Advisory : apache (MDKSA-2005:130)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34169.NASL
  description: s700_800 11.04 Virtualvault 4.7 IWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21109
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21109
  title: HP-UX PHSS_34169 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34119.NASL
  description: s700_800 11.04 Virtualvault 4.5 OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21104
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21104
  title: HP-UX PHSS_34119 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_651996E0FE0711D98329000E0C2E438A.NASL
  description: A Watchfire whitepaper reports a vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoning, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of a caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers :
    - IIS/6.0 and 5.0
    - Apache 2.0.45 (as web server)
    - apache 1.3.29
    - WebSphere 5.1 and 5.0
    - WebLogic 8.1 SP1
    - Oracle9iAS web server 9.0.2
    - SunONE web server 6.1 SP4
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19346
  published: 2005-08-01
  reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/19346
  title: FreeBSD : apache -- http request smuggling (651996e0-fe07-11d9-8329-000e0c2e438a)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-160-2.NASL
  description: USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 20566
  published: 2006-01-15
  reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/20566
  title: Ubuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)
- NASL family: NewStart CGSL Local Security Checks
  NASL id: NEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL
  description: The remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities:
    - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268)
    - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088)
    - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700)
    - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728)
    - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352)
    - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357)
    - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555)
    - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452)
    - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638)
    - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)
    - It was discovered that the use of httpd
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 127360
  published: 2019-08-12
  reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/127360
  title: NewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34203.NASL
  description: s700_800 11.04 Webproxy 2.1 (Apache 1.x) update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21112
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21112
  title: HP-UX PHSS_34203 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_SA_2005_046.NASL
  description: The remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2). A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to
  last seen: 2019-10-28
  modified: 2005-10-05
  plugin id: 19925
  published: 2005-10-05
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19925
  title: SUSE-SA:2005:046: apache,apache2
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34171.NASL
  description: s700_800 11.04 Virtualvault 4.5 IWS Update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21111
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21111
  title: HP-UX PHSS_34171 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34204.NASL
  description: s700_800 11.04 Webproxy server 2.0 update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21113
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21113
  title: HP-UX PHSS_34204 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
- NASL family: MacOS X Local Security Checks
  NASL id: MACOSX_SECUPD2005-009.NASL
  description: The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications :
    - Apache2
    - Apache_mod_ssl
    - CoreFoundation
    - curl
    - iodbcadmintool
    - OpenSSL
    - passwordserver
    - Safari
    - sudo
    - syslog
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 20249
  published: 2005-11-30
  reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/20249
  title: Mac OS X Multiple Vulnerabilities (Security Update 2005-009)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-805.NASL
  description: Several problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems :
    - CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is configured to use a CRL this can be used to cause a denial of service.
    - CAN-2005-2088 A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request.
    - CAN-2005-2700 A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions.
    - CAN-2005-2728 The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19612
  published: 2005-09-12
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19612
  title: Debian DSA-805-1 : apache2 - several vulnerabilities
- NASL family: Slackware Local Security Checks
  NASL id: SLACKWARE_SSA_2005-310-04.NASL
  description: New apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues:
    * If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
    * Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method. It
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 20151
  published: 2005-11-07
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/20151
  title: Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)
- NASL family: Web Servers
  NASL id: APACHE_2_0_55.NASL
  description: The remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 31656
  published: 2008-03-26
  reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/31656
  title: Apache < 2.0.55 Multiple Vulnerabilities
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2005-638.NASL
  description: This update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19374
  published: 2005-08-03
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19374
  title: Fedora Core 3 : httpd-2.0.53-3.2 (2005-638)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2005-582.NASL
  description: Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occurred when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21843
  published: 2006-07-03
  reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/21843
  title: CentOS 3 / 4 : httpd (CESA-2005:582)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2005-639.NASL
  description: This update security fixes for CVE-2005-2088 and CVE-2005-1268, along with some minor bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 19375
  published: 2005-08-03
  reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/19375
  title: Fedora Core 4 : httpd-2.0.54-10.1 (2005-639)
- NASL family: HP-UX Local Security Checks
  NASL id: HPUX_PHSS_34170.NASL
  description: s700_800 11.04 Virtualvault 4.6 IWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 21110
  published: 2006-03-21
  reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/21110
  title: HP-UX PHSS_34170 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
Oval
- accepted: 2013-04-29T04:14:08.508-04:00
  class: vulnerability
  contributors:
    - name: Aharon Chernin, organization: SCAP.com, LLC
    - name: Dragos Prisaca, organization: G2, Inc.
  definition_extensions:
    - comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
    - comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
    - comment: The operating system installed on the system is Red Hat Enterprise Linux 4, oval: oval:org.mitre.oval:def:11831
    - comment: CentOS Linux 4.x, oval: oval:org.mitre.oval:def:16636
    - comment: Oracle Linux 4.x, oval: oval:org.mitre.oval:def:15990
  description: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  family: unix
  id: oval:org.mitre.oval:def:11452
  status: accepted
  submitted: 2010-07-09T03:56:16-04:00
  title: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  version: 26
- accepted: 2010-09-20T04:00:09.602-04:00
  class: vulnerability
  contributors:
    - name: Robert L. Hollis, organization: ThreatGuard, Inc.
    - name: Todd Dolinsky, organization: Opsware, Inc.
    - name: Todd Dolinsky, organization: Opsware, Inc.
    - name: Jonathan Baker, organization: The MITRE Corporation
  description: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  family: unix
  id: oval:org.mitre.oval:def:1237
  status: accepted
  submitted: 2006-03-18T07:24:00.000-04:00
  title: Webproxy HTTP Request Smuggling (B.11.04)
  version: 39
- accepted: 2007-10-02T08:08:09.431-04:00
  class: vulnerability
  contributors:
    - name: Robert L. Hollis, organization: ThreatGuard, Inc.
    - name: Todd Dolinsky, organization: Opsware, Inc.
  description: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  family: unix
  id: oval:org.mitre.oval:def:1526
  status: accepted
  submitted: 2006-03-18T07:24:00.000-04:00
  title: VirusVault HTTP Request Smuggling
  version: 35
- accepted: 2007-10-02T08:08:10.027-04:00
  class: vulnerability
  contributors:
    - name: Robert L. Hollis, organization: ThreatGuard, Inc.
    - name: Todd Dolinsky, organization: Opsware, Inc.
  description: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  family: unix
  id: oval:org.mitre.oval:def:1629
  status: accepted
  submitted: 2006-03-18T07:24:00.000-04:00
  title: Webproxy HTTP Request Smuggling
  version: 35
- accepted: 2006-01-25T07:30:00.000-04:00
  class: vulnerability
  contributors:
    - name: Robert L. Hollis, organization: ThreatGuard, Inc.
  description: The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
  family: unix
  id: oval:org.mitre.oval:def:840
  status: accepted
  submitted: 2005-11-30T12:00:00.000-04:00
  title: Apache HTTP Request Smuggling
  version: 36
Statements
contributor | Mark J Cox |
lastmodified | 2008-07-02 |
organization | Apache |
statement | Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html |
References
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
- http://securitytracker.com/id?1014323
- http://www.debian.org/security/2005/dsa-803
- http://www.debian.org/security/2005/dsa-805
- http://www.ubuntu.com/usn/usn-160-2
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://docs.info.apple.com/article.html?artnum=302847
- http://www.securityfocus.com/bid/15647
- http://secunia.com/advisories/17813
- http://secunia.com/advisories/14530
- http://secunia.com/advisories/17487
- http://www.securityfocus.com/bid/14106
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://secunia.com/advisories/19073
- http://www.redhat.com/support/errata/RHSA-2005-582.html
- http://www.apache.org/dist/httpd/CHANGES_1.3
- http://www.apache.org/dist/httpd/CHANGES_2.0
- http://secunia.com/advisories/19317
- http://secunia.com/advisories/17319
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
- http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://secunia.com/advisories/19185
- http://www.novell.com/linux/security/advisories/2005_46_apache.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
- http://secunia.com/advisories/23074
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
- http://securityreason.com/securityalert/604
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
- http://www.vupen.com/english/advisories/2006/0789
- http://www.vupen.com/english/advisories/2006/1018
- http://www.vupen.com/english/advisories/2005/2140
- http://www.vupen.com/english/advisories/2006/4680
- http://www.vupen.com/english/advisories/2005/2659
- http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E