CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://seclists.org/lists/bugtraq/2005/Jun/0025.html	Issue Tracking Mailing List Third Party Advisory
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf	Broken Link
http://www.securiteam.com/securityreviews/5GP0220G0U.html	Broken Link Exploit
http://securitytracker.com/id?1014323	Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2005/dsa-803	Third Party Advisory
http://www.debian.org/security/2005/dsa-805	Third Party Advisory
http://www.ubuntu.com/usn/usn-160-2	Broken Link
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html	Broken Link
http://docs.info.apple.com/article.html?artnum=302847	Broken Link
http://www.securityfocus.com/bid/15647	Third Party Advisory VDB Entry
http://secunia.com/advisories/17813	Not Applicable
http://secunia.com/advisories/14530	Not Applicable
http://secunia.com/advisories/17487	Not Applicable
http://www.securityfocus.com/bid/14106	Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1	Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1	Broken Link
http://secunia.com/advisories/19072	Not Applicable
http://secunia.com/advisories/19073	Not Applicable
http://www.redhat.com/support/errata/RHSA-2005-582.html	Third Party Advisory
http://www.apache.org/dist/httpd/CHANGES_1.3	Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.0	Vendor Advisory
http://secunia.com/advisories/19317	Not Applicable
http://secunia.com/advisories/17319	Not Applicable
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only	Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only	Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm	Third Party Advisory
http://secunia.com/advisories/19185	Not Applicable
http://www.novell.com/linux/security/advisories/2005_46_apache.html	Broken Link
http://www.novell.com/linux/security/advisories/2005_18_sr.html	Broken Link
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html	Broken Link
http://secunia.com/advisories/23074	Not Applicable
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130	Broken Link
http://securityreason.com/securityalert/604	Exploit Third Party Advisory
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828	Broken Link
http://www.vupen.com/english/advisories/2006/0789	Permissions Required
http://www.vupen.com/english/advisories/2006/1018	Permissions Required
http://www.vupen.com/english/advisories/2005/2140	Permissions Required
http://www.vupen.com/english/advisories/2006/4680	Permissions Required
http://www.vupen.com/english/advisories/2005/2659	Permissions Required
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3	Mailing List Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452	Third Party Advisory
http://www.securityfocus.com/archive/1/428138/100/0/threaded	Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.1:::::::*
	cpe:2.3:o:debian:debian_linux:3.0:::::::*

Information

Published : 2005-07-04 21:00

Updated : 2023-02-12 17:16

NVD link : CVE-2005-2088

Mitre link : CVE-2005-2088

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

debian

debian_linux

apache

http_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html", "name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", "name": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html", "name": "http://www.securiteam.com/securityreviews/5GP0220G0U.html", "tags": ["Broken Link", "Exploit"], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1014323", "name": "1014323", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2005/dsa-803", "name": "DSA-803", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.debian.org/security/2005/dsa-805", "name": "DSA-805", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.ubuntu.com/usn/usn-160-2", "name": "USN-160-2", "tags": ["Broken Link"], "refsource": "UBUNTU"}, {"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html", "name": "TSLSA-2005-0059", "tags": ["Broken Link"], "refsource": "TRUSTIX"}, {"url": "http://docs.info.apple.com/article.html?artnum=302847", "name": "APPLE-SA-2005-11-29", "tags": ["Broken Link"], "refsource": "APPLE"}, {"url": "http://www.securityfocus.com/bid/15647", "name": "15647", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/17813", "name": "17813", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/14530", "name": "14530", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/17487", "name": "17487", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/14106", "name": "14106", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1", "name": "102197", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1", "name": "102198", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/19072", "name": "19072", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/19073", "name": "19073", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-582.html", "name": "RHSA-2005:582", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_1.3", "name": "http://www.apache.org/dist/httpd/CHANGES_1.3", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.0", "name": "http://www.apache.org/dist/httpd/CHANGES_2.0", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/19317", "name": "19317", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/17319", "name": "17319", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only", "name": "PK13959", "tags": ["Third Party Advisory"], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only", "name": "PK16139", "tags": ["Third Party Advisory"], "refsource": "AIXAPAR"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000", "name": "SSA:2005-310-04", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/19185", "name": "19185", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2005_46_apache.html", "name": "SUSE-SA:2005:046", "tags": ["Broken Link"], "refsource": "SUSE"}, {"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html", "name": "SUSE-SR:2005:018", "tags": ["Broken Link"], "refsource": "SUSE"}, {"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html", "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/23074", "name": "23074", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:130", "name": "MDKSA-2005:130", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "http://securityreason.com/securityalert/604", "name": "604", "tags": ["Exploit", "Third Party Advisory"], "refsource": "SREASON"}, {"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828", "name": "HPSBUX02101", "tags": ["Broken Link"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2006/0789", "name": "ADV-2006-0789", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/1018", "name": "ADV-2006-1018", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2005/2140", "name": "ADV-2005-2140", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4680", "name": "ADV-2006-4680", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2005/2659", "name": "ADV-2005-2659", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3", "name": "[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840", "name": "oval:org.mitre.oval:def:840", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629", "name": "oval:org.mitre.oval:def:1629", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526", "name": "oval:org.mitre.oval:def:1526", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237", "name": "oval:org.mitre.oval:def:1237", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452", "name": "oval:org.mitre.oval:def:11452", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded", "name": "SSRT051251", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "HP"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", "name": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2088", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-07-05T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0.55", "versionStartIncluding": "2.0.35"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T01:16Z"}

4.3 /10