The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Score CVSS v2.0
4.3
/ 10.0
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Informations
- Publié
- 5 juil. 2005
- Mis à jour
- 16 avr. 2026
- Statut
- Modified
- Source
- secalert@redhat.com
Produits affectés
apache http serverToutes les CVE Apache HTTP Server →
Versions : 2.0.55
debian debian linux
Versions : 3.0, 3.1
Faiblesses (CWE)
CWE-444
Références (118)
- http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3Mailing ListThird Party Advisory
- http://seclists.org/lists/bugtraq/2005/Jun/0025.htmlIssue TrackingMailing ListThird Party Advisory
- http://secunia.com/advisories/14530Not Applicable
- http://secunia.com/advisories/17319Not Applicable
- http://secunia.com/advisories/17487Not Applicable
- http://secunia.com/advisories/17813Not Applicable
- http://secunia.com/advisories/19072Not Applicable
- http://secunia.com/advisories/19073Not Applicable
- http://secunia.com/advisories/19185Not Applicable
- http://secunia.com/advisories/19317Not Applicable
- http://secunia.com/advisories/23074Not Applicable
- http://securityreason.com/securityalert/604ExploitThird Party Advisory
- http://securitytracker.com/id?1014323Broken LinkThird Party AdvisoryVDB Entry
- + 103 autres références sur NVD
CVEs similaires
Autres vulnérabilités de type CWE-444
Loading…
Surveillez vos produits
Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.