Apache HTTP Request Parsing HTML Injection

2005-06-3000:00:00

Tenable

www.tenable.com

The remote host appears to be running a version of Apache, an open source web server. This version of Apache is vulnerable to a flaw in the way that it handles malformed HTTP requests. An attacker exploiting this flaw would be able to possibly corrupt cache memory or inject HTML requests to a vulnerable Apache server. The vulnerability stems from a non-conformance to RFC 2616 that states that HTTP requests must not include both a ‘Content-Length’ and ‘Transfer-Encoding’ field.

Binary data 3042.prm

VendorProductVersionCPE
apachehttp_servercpe:/a:apache:http_server

Vendor	Product	Version	CPE
apache	http_server		cpe:/a:apache:http_server

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1993

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2757

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3700

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3701

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3702

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3704

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3705

www.apache.org

JSON