Lucene search

[email protected]CVE-2005-3751

HistoryNov 22, 2005 - 8:03 p.m.

CVE-2005-3751

2005-11-2220:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3751

http request smuggling

pound

web cache

web application firewall

xss attacks

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

CPENameOperatorVersion
apsis:poundapsis poundle1.9.3

CPE	Name	Operator	Version
apsis:pound	apsis pound	le	1.9.3

References

secunia.com/advisories/18367

secunia.com/advisories/18381

secunia.com/advisories/20215

secunia.com/advisories/20510

www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000

www.debian.org/security/2005/dsa-934

www.gentoo.org/security/en/glsa/glsa-200606-05.xml

www.novell.com/linux/security/advisories/2006_05_19.html

8.9 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.2%

JSON

Related for CVE-2005-3751

nessus3 debiancve2 gentoo1 openvas2 prion1 osv1 securityvulns1 debian2 cve1 ubuntucve1