CVE - CVE-2005-2088

CVE-ID
CVE-2005-2088	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1014323 URL:http://securitytracker.com/id?1014323 MISC:102197 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1~~ (Obsolete source) MISC:102198 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1~~ (Obsolete source) MISC:14106 URL:http://www.securityfocus.com/bid/14106 MISC:14530 URL:http://secunia.com/advisories/14530 MISC:15647 URL:http://www.securityfocus.com/bid/15647 MISC:17319 URL:http://secunia.com/advisories/17319 MISC:17487 URL:http://secunia.com/advisories/17487 MISC:17813 URL:http://secunia.com/advisories/17813 MISC:19072 URL:http://secunia.com/advisories/19072 MISC:19073 URL:http://secunia.com/advisories/19073 MISC:19185 URL:http://secunia.com/advisories/19185 MISC:19317 URL:http://secunia.com/advisories/19317 MISC:20050606 A new whitepaper by Watchfire - HTTP Request Smuggling URL:http://seclists.org/lists/bugtraq/2005/Jun/0025.html MISC:23074 URL:http://secunia.com/advisories/23074 MISC:604 URL:http://securityreason.com/securityalert/604 MISC:ADV-2005-2140 URL:~~http://www.vupen.com/english/advisories/2005/2140~~ (Obsolete source) MISC:ADV-2005-2659 URL:~~http://www.vupen.com/english/advisories/2005/2659~~ (Obsolete source) MISC:ADV-2006-0789 URL:~~http://www.vupen.com/english/advisories/2006/0789~~ (Obsolete source) MISC:ADV-2006-1018 URL:~~http://www.vupen.com/english/advisories/2006/1018~~ (Obsolete source) MISC:ADV-2006-4680 URL:~~http://www.vupen.com/english/advisories/2006/4680~~ (Obsolete source) MISC:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 MISC:DSA-803 URL:http://www.debian.org/security/2005/dsa-803 MISC:DSA-805 URL:http://www.debian.org/security/2005/dsa-805 MISC:HPSBUX02074 URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded MISC:HPSBUX02101 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 MISC:MDKSA-2005:130 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:130~~ (Obsolete source) MISC:PK13959 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only MISC:PK16139 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only MISC:RHSA-2005:582 URL:http://www.redhat.com/support/errata/RHSA-2005-582.html MISC:SSA:2005-310-04 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000 MISC:SSRT051128 URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 MISC:SSRT051251 URL:http://www.securityfocus.com/archive/1/428138/100/0/threaded MISC:SUSE-SA:2005:046 URL:http://www.novell.com/linux/security/advisories/2005_46_apache.html MISC:SUSE-SR:2005:018 URL:http://www.novell.com/linux/security/advisories/2005_18_sr.html MISC:TSLSA-2005-0059 URL:~~http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html~~ (Obsolete source - check if archived by the Wayback Machine) MISC:USN-160-2 URL:http://www.ubuntu.com/usn/usn-160-2 MISC:[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released URL:http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 MISC:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E MISC:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm MISC:http://www.apache.org/dist/httpd/CHANGES_1.3 URL:http://www.apache.org/dist/httpd/CHANGES_1.3 MISC:http://www.apache.org/dist/httpd/CHANGES_2.0 URL:http://www.apache.org/dist/httpd/CHANGES_2.0 MISC:http://www.securiteam.com/securityreviews/5GP0220G0U.html URL:http://www.securiteam.com/securityreviews/5GP0220G0U.html MISC:http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf URL:http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf MISC:https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html URL:https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html MISC:oval:org.mitre.oval:def:11452 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452 MISC:oval:org.mitre.oval:def:1237 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237 MISC:oval:org.mitre.oval:def:1526 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526 MISC:oval:org.mitre.oval:def:1629 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629 MISC:oval:org.mitre.oval:def:840 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Assigning CNA
Red Hat, Inc.
Date Record Created
20050630	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050630)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)