CVE-2005-2088

2005-07-0504:00:00

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.963 High

EPSS

Percentile

99.5%

JSON

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”

OSVersionArchitecturePackageVersionFilename
Debian12allapache2< 2.0.54-5apache2_2.0.54-5_all.deb
Debian11allapache2< 2.0.54-5apache2_2.0.54-5_all.deb
Debian10allapache2< 2.0.54-5apache2_2.0.54-5_all.deb
Debian999allapache2< 2.0.54-5apache2_2.0.54-5_all.deb
Debian13allapache2< 2.0.54-5apache2_2.0.54-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	< 2.0.54-5	apache2_2.0.54-5_all.deb
Debian	11	all	apache2	< 2.0.54-5	apache2_2.0.54-5_all.deb
Debian	10	all	apache2	< 2.0.54-5	apache2_2.0.54-5_all.deb
Debian	999	all	apache2	< 2.0.54-5	apache2_2.0.54-5_all.deb
Debian	13	all	apache2	< 2.0.54-5	apache2_2.0.54-5_all.deb