Vulnerabilities > CVE-2005-3751 - Cross-Site Scripting vulnerability in Pound

CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
apsis
nessus

Summary

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-Length and Transfer-Encoding headers.

Vulnerable Configurations

Part Description Count
Application
Apsis
1

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200606-05.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200606-05 (Pound: HTTP request smuggling) Pound fails to handle HTTP requests with conflicting
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21666
    published: 2006-06-08
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21666
    title: GLSA-200606-05 : Pound: HTTP request smuggling
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200606-05.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration branch: when the engine sets `description`, only the plugin
    # metadata below is recorded and the script exits before the package check.
    if (description)
    {
      script_id(21666);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2005-3751");
      script_xref(name:"GLSA", value:"200606-05");
    
      script_name(english:"GLSA-200606-05 : Pound: HTTP request smuggling");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200606-05
    (Pound: HTTP request smuggling)
    
        Pound fails to handle HTTP requests with conflicting 'Content-Length'
        and 'Transfer-Encoding' headers correctly.
      
    Impact :
    
        An attacker could exploit this vulnerability by sending HTTP requests
        with specially crafted 'Content-Length' and 'Transfer-Encoding' headers
        to bypass certain security restrictions or to poison the web proxy
        cache.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200606-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Pound users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose www-servers/pound"
      );
      # CVSSv2 vector: network, medium complexity, no auth, partial integrity
      # impact only (base score 4.3).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      # "local": the check reads the host's installed package list rather than
      # probing the proxy over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pound");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/06/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/08");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # ssh_get_info.nasl presumably populates the Host/Gentoo/* KB entries;
      # the three required keys are the ones the check body tests before auditing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Check body: refuse to guess when local package data is unavailable.
    # Each audit() call reports the reason the check could not run.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Unaffected per GLSA-200606-05: 2.0.5 and later, plus the listed
    # 1.10 / 1.9.4 entries; anything below 2.0.5 not in that list is vulnerable.
    vuln_count = 0;
    if (qpkg_check(package:"www-servers/pound",
                   unaffected:make_list("ge 2.0.5", "rge 1.10", "rge 1.9.4"),
                   vulnerable:make_list("lt 2.0.5")))
    {
      vuln_count++;
    }
    
    if (vuln_count > 0)
    {
      # Verbose reports attach the matched package/version details.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed but patched" from "not installed at all".
      checked = qpkg_tests_get();
      if (checked) audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Pound");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-934.NASL
    description: Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-1391 : Overly long HTTP Host: headers may trigger a buffer overflow in the add_port() function, which may lead to the execution of arbitrary code. - CVE-2005-3751 : HTTP requests with conflicting Content-Length and Transfer-Encoding headers could lead to an HTTP request smuggling attack, which can be exploited to bypass packet filters or poison web caches.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22800
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22800
    title: Debian DSA-934-1 : pound - several vulnerabilities