exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2005-2088

Status Candidate

Overview

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Related Files

Apple Security Advisory 2005-11-29
Posted Dec 2, 2005
Authored by Apple | Site apple.com

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2005-2088, CVE-2005-2700, CVE-2005-2757, CVE-2005-3185, CVE-2005-3700, CVE-2005-2969, CVE-2005-3701, CVE-2005-2491, CVE-2005-3702, CVE-2005-3703, CVE-2005-3705, CVE-2005-1993, CVE-2005-3704
SHA-256 | e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984a
HP Security Bulletin 2005-12.51
Posted Nov 20, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2005-2491, CVE-2005-1268, CVE-2005-2728, CVE-2005-2088
SHA-256 | 0c88cd43198ceaaa105ad00fd4c4738c239da351f3bb32f882c51ff2df83961b
Debian Linux Security Advisory 805-1
Posted Sep 10, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2005-1268, CVE-2005-2088, CVE-2005-2700, CVE-2005-2728
SHA-256 | 76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0
Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6
SUSE-SA-2005-046.txt
Posted Aug 17, 2005
Site suse.com

SUSE Security Announcement - A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to smuggle requests past filters by providing handcrafted header entries.

tags | advisory, remote, web
systems | linux, suse
advisories | CVE-2005-2088, CVE-2005-1268
SHA-256 | f2c1e27393e00e608df20530f2d81d124ab334a14e72c5c06bcdaa4e99e13fad
Ubuntu Security Notice 160-1
Posted Aug 5, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-160-1 - Multiple vulnerabilities exist in Apache 2.x. Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. Watchfire discovered that Apache insufficiently verified the Transfer-Encoding and Content-Length headers when acting as an HTTP proxy.

tags | advisory, web, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-1268, CVE-2005-2088
SHA-256 | 610b03eb7c16047b642cbaee4904e8cd04c4a4a3db1da1f42f420be9fd66160c
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close