CVE-2005-2088

Apache HTTP Server 2.0.35-2.0.54 - HTTP Request Smuggling via Chunked Transfer Encoding

Title source: llm
STIX 2.1

Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References (59)

Core 59
Core References
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17319
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_18_sr.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-582.html
Broken Link vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_46_apache.html
Broken Link vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-160-2
Broken Link, Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2140
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17813
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Broken Link, Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2659
Broken Link vendor-advisory x_refsource_trustix
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Broken Link, Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1018
Broken Link, Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/428138/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
Broken Link, Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_1.3
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19185
Broken Link, Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.0
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14530
Broken Link, Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4680
Exploit, Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/604
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17487
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19317
Broken Link vendor-advisory x_refsource_apple
http://docs.info.apple.com/article.html?artnum=302847
Broken Link vendor-advisory x_refsource_hp
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014323
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19072
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
Broken Link, Exploit x_refsource_misc
http://www.securiteam.com/securityreviews/5GP0220G0U.html
Broken Link, Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-805
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19073
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15647
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14106
Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-803
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23074
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
Broken Link vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
Broken Link, Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0789

Scores

EPSS 0.2046
EPSS Percentile 97.2%

Details

CWE
CWE-444
Status published
Products (3)
apache/http_server 2.0.35 - 2.0.55
debian/debian_linux 3.0
debian/debian_linux 3.1
Published Jul 05, 2005
Tracked Since Feb 18, 2026