CVE-2005-2088 in HTTP Serverinfo

Summary

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

06/30/2005

Disclosure

07/05/2005

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
1839	IBM HTTP Server Transfer-Encoding cross site scripting	80	Proof-of-Concept	Official fix	CVE-2005-2088
1652	Apache HTTP Server mod_ssl cross site scripting	80	Proof-of-Concept	Official fix	CVE-2005-2088
1651	Apache HTTP Server HTTP Header		Proof-of-Concept	Official fix	CVE-2005-2088

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Want to know what is going to be exploited?

We predict KEV entries!