Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD651996E0-FE07-11D9-8329-000E0C2E438A
HistoryJul 25, 2005 - 12:00 a.m.

apache -- http request smuggling

2005-07-2500:00:00
vuxml.freebsd.org
25

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.963

Percentile

99.6%

JSON

A Watchfire whitepaper reports an vulnerability in the
Apache webserver. The vulnerability can be exploited by
malicious people causing cross site scripting, web cache
poisoining, session hijacking and most importantly the
ability to bypass web application firewall protection.
Exploiting this vulnerability requires multiple carefully
crafted HTTP requests, taking advantage of an caching server,
proxy server, web application firewall etc. This only affects
installations where Apache is used as HTTP proxy in
combination with the following web servers:

IIS/6.0 and 5.0
Apache 2.0.45 (as web server)
apache 1.3.29
WebSphere 5.1 and 5.0
WebLogic 8.1 SP1
Oracle9iAS web server 9.0.2
SunONE web server 6.1 SP4

Related

nessus 26
openvas 34
nvd 1
ubuntucve 1
cve 1
debiancve 1
debian 4
httpd 1
cvelist 1
osv 2
suse 1
centos 1
ubuntu 1
redhat 1
nessus
nessus
HP-UX PHSS_34203 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
2006-03-21 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : apache (SSA:2005-310-04)
2005-11-07 00:00:00
HP-UX PHSS_34169 : HP-UX VirtualVault running Apache 1.3.X Remote Unauthorized Access (HPSBUX02101 SSRT051128 rev.1)
2006-03-21 00:00:00
openvas
openvas
SLES9: Security update for apache and mod_ssl
2009-10-10 00:00:00
FreeBSD Ports: apache
2008-09-04 00:00:00
Debian: Security Advisory (DSA-803-1)
2008-01-17 00:00:00
nvd
nvd
CVE-2005-2088
2005-07-05 04:00:00
ubuntucve
ubuntucve
CVE-2005-2088
2005-07-05 00:00:00
cve
cve
CVE-2005-2088
2005-07-05 04:00:00
debiancve
debiancve
CVE-2005-2088
2005-07-05 04:00:00
debian
debian
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 06:00:50
[SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
2005-09-08 06:00:50
[SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
2005-09-08 18:07:44
httpd
httpd
Apache Httpd < 2.0.55 : HTTP Request Spoofing
2005-10-14 00:00:00
cvelist
cvelist
CVE-2005-2088
2005-06-30 04:00:00
osv
osv
apache - programming error
2005-09-08 00:00:00
apache2 - several
2005-09-08 00:00:00
suse
suse
authentication bypass in apache,apache2
2005-08-16 08:42:40
centos
centos
httpd, mod_ssl security update
2005-07-25 10:13:58
ubuntu
ubuntu
Apache 2 vulnerabilities
2005-08-04 00:00:00
redhat
redhat
(RHSA-2005:582) httpd security update
2005-07-25 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.963

Percentile

99.6%

JSON
Related for 651996E0-FE07-11D9-8329-000E0C2E438A
nessus26openvas34nvd1ubuntucve1cve1debiancve1debian4httpd1cvelist1osv2suse1centos1ubuntu1redhat1