Description
Apsis Pound before 2.8a allows request smuggling via crafted headers, a different vulnerability than CVE-2005-3751.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/02/msg00015.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/04/msg00028.html
Mailing List mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/05/msg00003.html
Scores
CVSS v3
9.8
EPSS
0.0289
EPSS Percentile
85.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-444
Status
published
Products (2)
apsis/pound
< 2.7
debian/debian_linux
7.0
Published
Jan 29, 2018
Tracked Since
Feb 18, 2026