CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score
Confidence: Low

EPSS
Percentile: 99.6%
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
| debian | debian_linux | 3.0 | cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* |
| debian | debian_linux | 3.1 | cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |