Vulnerabilities > CVE-2005-2088 - HTTP Request Smuggling vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
debian
CWE-444
nessus
NVD
Published: 2005-07-05
Updated: 2024-02-09

Summary

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Vulnerable Configurations

Part Description Count
Application
Apache
13
OS
Debian
2

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP Request Splitting
    HTTP Request Splitting (also known as HTTP Request Smuggling) is an attack pattern where an attacker attempts to insert additional HTTP requests in the body of the original (enveloping) HTTP request in such a way that the browser interprets it as one request but the web server interprets it as two. There are several ways to perform HTTP request splitting attacks. One way is to include double Content-Length headers in the request to exploit the fact that the devices parsing the request may each use a different header. Another way is to submit an HTTP request with a "Transfer Encoding: chunked" in the request header set with setRequestHeader to allow a payload in the HTTP Request that can be considered as another HTTP Request by a subsequent parsing entity. A third way is to use the "Double CR in an HTTP header" technique. There are also a few less general techniques targeting specific parsing vulnerabilities in certain web servers.
  • HTTP Request Smuggling
    HTTP Request Smuggling results from the discrepancies in parsing HTTP requests between HTTP entities such as web caching proxies or application firewalls. Entities such as web servers, web caching proxies, application firewalls or simple proxies often parse HTTP requests in slightly different ways. Under specific situations where there are two or more such entities in the path of the HTTP request, a specially crafted request is seen by two attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.

Nessus

  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34123.NASL
    descriptions700_800 11.04 Virtualvault 4.7 OWS (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen2020-06-01
    modified2020-06-02
    plugin id21107
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21107
    titleHP-UX PHSS_34123 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34120.NASL
    descriptions700_800 11.04 Virtualvault 4.6 OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21105
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21105
    titleHP-UX PHSS_34120 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-803.NASL
    descriptionA vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request. The fix for this bug is contained in the apache-common package which means that there isn
    last seen2020-06-01
    modified2020-06-02
    plugin id19610
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19610
    titleDebian DSA-803-1 : apache - programming error
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-129.NASL
    descriptionMarc Stern reported an off-by-one overflow in the mod_ssl CRL verification callback which can only be exploited if the Apache server is configured to use a malicious certificate revocation list (CVE-2005-1268). Watchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a
    last seen2020-06-01
    modified2020-06-02
    plugin id19889
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19889
    titleMandrake Linux Security Advisory : apache2 (MDKSA-2005:129)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-160-1.NASL
    descriptionMarc Stern discovered a buffer overflow in the SSL module
    last seen2020-06-01
    modified2020-06-02
    plugin id20565
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20565
    titleUbuntu 4.10 / 5.04 : apache2 vulnerabilities (USN-160-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-582.NASL
    descriptionUpdated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a
    last seen2020-06-01
    modified2020-06-02
    plugin id19296
    published2005-07-25
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19296
    titleRHEL 3 / 4 : httpd (RHSA-2005:582)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34163.NASL
    descriptions700_800 11.04 Webproxy server 2.1 (Apache 2.x) update : Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.
    last seen2020-06-01
    modified2020-06-02
    plugin id21108
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21108
    titleHP-UX PHSS_34163 : Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access (HPSBUX02074 SSRT051251 rev.2)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34121.NASL
    descriptions700_800 11.04 Virtualvault 4.7 (Apache 1.x) OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21106
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21106
    titleHP-UX PHSS_34121 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-130.NASL
    descriptionWatchfire reported a flaw that occured when using the Apache server as a HTTP proxy. A remote attacker could send an HTTP request with both a
    last seen2020-06-01
    modified2020-06-02
    plugin id19890
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19890
    titleMandrake Linux Security Advisory : apache (MDKSA-2005:130)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34169.NASL
    descriptions700_800 11.04 Virtualvault 4.7 IWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21109
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21109
    titleHP-UX PHSS_34169 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34119.NASL
    descriptions700_800 11.04 Virtualvault 4.5 OWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21104
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21104
    titleHP-UX PHSS_34119 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_651996E0FE0711D98329000E0C2E438A.NASL
    descriptionA Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of an caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers : - IIS/6.0 and 5.0 - Apache 2.0.45 (as web server) - apache 1.3.29 - WebSphere 5.1 and 5.0 - WebLogic 8.1 SP1 - Oracle9iAS web server 9.0.2 - SunONE web server 6.1 SP4
    last seen2020-06-01
    modified2020-06-02
    plugin id19346
    published2005-08-01
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19346
    titleFreeBSD : apache -- http request smuggling (651996e0-fe07-11d9-8329-000e0c2e438a)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-160-2.NASL
    descriptionUSN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CAN-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the
    last seen2020-06-01
    modified2020-06-02
    plugin id20566
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20566
    titleUbuntu 4.10 / 5.04 : apache vulnerability (USN-160-2)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0118_HTTPD.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has httpd packages installed that are affected by multiple vulnerabilities: - Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. (CVE-2005-1268) - The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka HTTP Request Smuggling. (CVE-2005-2088) - ssl_engine_kernel.c in mod_ssl before 2.8.24, when using SSLVerifyClient optional in the global virtual host configuration, does not properly enforce SSLVerifyClient require in a per-location context, which allows remote attackers to bypass intended access restrictions. (CVE-2005-2700) - The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. (CVE-2005-2728) - Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. (CVE-2005-3352) - mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. (CVE-2005-3357) - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post- renegotiation context, related to a plaintext injection attack, aka the Project Mogul issue. (CVE-2009-3555) - The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (CVE-2010-1452) - fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations. (CVE-2011-3638) - It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743) - It was discovered that the use of httpd
    last seen2020-06-01
    modified2020-06-02
    plugin id127360
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127360
    titleNewStart CGSL MAIN 4.05 : httpd Multiple Vulnerabilities (NS-SA-2019-0118)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34203.NASL
    descriptions700_800 11.04 Webproxy 2.1 (Apache 1.x) update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21112
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21112
    titleHP-UX PHSS_34203 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_046.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:046 (apache,apache2). A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to
    last seen2019-10-28
    modified2005-10-05
    plugin id19925
    published2005-10-05
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19925
    titleSUSE-SA:2005:046: apache,apache2
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34171.NASL
    descriptions700_800 11.04 Virtualvault 4.5 IWS Update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21111
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21111
    titleHP-UX PHSS_34171 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34204.NASL
    descriptions700_800 11.04 Webproxy server 2.0 update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21113
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21113
    titleHP-UX PHSS_34204 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2005-009.NASL
    descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog
    last seen2020-06-01
    modified2020-06-02
    plugin id20249
    published2005-11-30
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20249
    titleMac OS X Multiple Vulnerabilities (Security Update 2005-009)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-805.NASL
    descriptionSeveral problems have been discovered in Apache2, the next generation, scalable, extendable web server. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1268 Marc Stern discovered an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback. When Apache is configured to use a CRL this can be used to cause a denial of service. - CAN-2005-2088 A vulnerability has been discovered in the Apache web server. When it is acting as an HTTP proxy, it allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct cross-site scripting attacks, which causes Apache to incorrectly handle and forward the body of the request. - CAN-2005-2700 A problem has been discovered in mod_ssl, which provides strong cryptography (HTTPS support) for Apache that allows remote attackers to bypass access restrictions. - CAN-2005-2728 The byte-range filter in Apache 2.0 allows remote attackers to cause a denial of service via an HTTP header with a large Range field.
    last seen2020-06-01
    modified2020-06-02
    plugin id19612
    published2005-09-12
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19612
    titleDebian DSA-805-1 : apache2 - several vulnerabilities
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-310-04.NASL
    descriptionNew apache packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix potential security issues: * If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks. * Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method. It
    last seen2020-06-01
    modified2020-06-02
    plugin id20151
    published2005-11-07
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20151
    titleSlackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)
  • NASL familyWeb Servers
    NASL idAPACHE_2_0_55.NASL
    descriptionThe remote host appears to be running a version of Apache that is prior to 2.0.55. It is, therefore affected by multiple vulnerabilities : - A security issue exists where
    last seen2020-06-01
    modified2020-06-02
    plugin id31656
    published2008-03-26
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31656
    titleApache < 2.0.55 Multiple Vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-638.NASL
    descriptionThis update includes version 2.0.53 of the Apache HTTP server, and also adds security fixes for CVE-2005-2088 and CVE-2005-1268. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19374
    published2005-08-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19374
    titleFedora Core 3 : httpd-2.0.53-3.2 (2005-638)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-582.NASL
    descriptionUpdated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and freely-available Web server. Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a
    last seen2020-06-01
    modified2020-06-02
    plugin id21843
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21843
    titleCentOS 3 / 4 : httpd (CESA-2005:582)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-639.NASL
    descriptionThis update security fixes for CVE-2005-2088 and CVE-2005-1268, along with some minor bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id19375
    published2005-08-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19375
    titleFedora Core 4 : httpd-2.0.54-10.1 (2005-639)
  • NASL familyHP-UX Local Security Checks
    NASL idHPUX_PHSS_34170.NASL
    descriptions700_800 11.04 Virtualvault 4.6 IWS update : A security vulnerability has been identified in Apache HTTP server versions prior to Apache 1.3.34 that may allow HTTP Request Splitting/Spoofing attacks, resulting in remote unauthorized access. References: Apache HTTP Server version 1.3.34 announcement.
    last seen2020-06-01
    modified2020-06-02
    plugin id21110
    published2006-03-21
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21110
    titleHP-UX PHSS_34170 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)

Oval

  • accepted2013-04-29T04:14:08.508-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    descriptionThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    familyunix
    idoval:org.mitre.oval:def:11452
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    version26
  • accepted2010-09-20T04:00:09.602-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    familyunix
    idoval:org.mitre.oval:def:1237
    statusaccepted
    submitted2006-03-18T07:24:00.000-04:00
    titleWebproxy HTTP Request Smuggling (B.11.04)
    version39
  • accepted2007-10-02T08:08:09.431-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    descriptionThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    familyunix
    idoval:org.mitre.oval:def:1526
    statusaccepted
    submitted2006-03-18T07:24:00.000-04:00
    titleVirusVault HTTP Request Smuggling
    version35
  • accepted2007-10-02T08:08:10.027-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameTodd Dolinsky
      organizationOpsware, Inc.
    descriptionThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    familyunix
    idoval:org.mitre.oval:def:1629
    statusaccepted
    submitted2006-03-18T07:24:00.000-04:00
    titleWebproxy HTTP Request Smuggling
    version35
  • accepted2006-01-25T07:30:00.000-04:00
    classvulnerability
    contributors
    nameRobert L. Hollis
    organizationThreatGuard, Inc.
    descriptionThe Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
    familyunix
    idoval:org.mitre.oval:def:840
    statusaccepted
    submitted2005-11-30T12:00:00.000-04:00
    titleApache HTTP Request Smuggling
    version36

Redhat

advisories
rhsa
idRHSA-2005:582
rpms
  • httpd-0:2.0.46-46.2.ent
  • httpd-0:2.0.52-12.1.ent
  • httpd-debuginfo-0:2.0.46-46.2.ent
  • httpd-debuginfo-0:2.0.52-12.1.ent
  • httpd-devel-0:2.0.46-46.2.ent
  • httpd-devel-0:2.0.52-12.1.ent
  • httpd-manual-0:2.0.52-12.1.ent
  • httpd-suexec-0:2.0.52-12.1.ent
  • mod_ssl-1:2.0.46-46.2.ent
  • mod_ssl-1:2.0.52-12.1.ent

Statements

contributorMark J Cox
lastmodified2008-07-02
organizationApache
statementFixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html

References