exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2005-2088

Status Candidate

Overview

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Related Files

Apple Security Advisory 2005-11-29
Posted Dec 2, 2005
Authored by Apple | Site apple.com

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2005-2088, CVE-2005-2700, CVE-2005-2757, CVE-2005-3185, CVE-2005-3700, CVE-2005-2969, CVE-2005-3701, CVE-2005-2491, CVE-2005-3702, CVE-2005-3703, CVE-2005-3705, CVE-2005-1993, CVE-2005-3704
SHA-256 | e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984a
Download | Favorite | View
HP Security Bulletin 2005-12.51
Posted Nov 20, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerability could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2005-2491, CVE-2005-1268, CVE-2005-2728, CVE-2005-2088
SHA-256 | 0c88cd43198ceaaa105ad00fd4c4738c239da351f3bb32f882c51ff2df83961b
Download | Favorite | View
Debian Linux Security Advisory 805-1
Posted Sep 10, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2005-1268, CVE-2005-2088, CVE-2005-2700, CVE-2005-2728
SHA-256 | 76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0
Download | Favorite | View
Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6
Download | Favorite | View
SUSE-SA-2005-046.txt
Posted Aug 17, 2005
Site suse.com

SUSE Security Announcement - A security flaw was found in the Apache and Apache2 web servers which allows remote attacker to smuggle requests past filters by providing handcrafted header entries.

tags | advisory, remote, web
systems | linux, suse
advisories | CVE-2005-2088, CVE-2005-1268
SHA-256 | f2c1e27393e00e608df20530f2d81d124ab334a14e72c5c06bcdaa4e99e13fad
Download | Favorite | View
Ubuntu Security Notice 160-1
Posted Aug 5, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-160-1 - Multiple vulnerabilities exist in Apache 2.x. Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. Watchfire discovered that Apache insufficiently verified the Transfer-Encoding and Content-Length headers when acting as an HTTP proxy.

tags | advisory, web, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-1268, CVE-2005-2088
SHA-256 | 610b03eb7c16047b642cbaee4904e8cd04c4a4a3db1da1f42f420be9fd66160c
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close