CVE-2005-2088: XSS
First published: Thu Jun 30 2005(Updated: )
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | >=2.0.35<2.0.55 | |
| Debian | =3.0 | |
| Debian | =3.1 | |
| Apache Http Server | >=2.0.35<=2.0.55 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
- http://securitytracker.com/id?1014323
- http://www.debian.org/security/2005/dsa-803
- http://www.debian.org/security/2005/dsa-805
- http://www.ubuntu.com/usn/usn-160-2
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://docs.info.apple.com/article.html?artnum=302847
- http://www.securityfocus.com/bid/15647
- http://secunia.com/advisories/17813
- http://secunia.com/advisories/14530
- http://secunia.com/advisories/17487
- http://www.securityfocus.com/bid/14106
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
- http://secunia.com/advisories/19072
- http://secunia.com/advisories/19073
- http://www.redhat.com/support/errata/RHSA-2005-582.html
- http://www.apache.org/dist/httpd/CHANGES_1.3
- http://www.apache.org/dist/httpd/CHANGES_2.0
- http://secunia.com/advisories/19317
- http://secunia.com/advisories/17319
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
- http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
- http://secunia.com/advisories/19185
- http://www.novell.com/linux/security/advisories/2005_46_apache.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
- http://secunia.com/advisories/23074
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
- http://securityreason.com/securityalert/604
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
- http://www.vupen.com/english/advisories/2006/0789
- http://www.vupen.com/english/advisories/2006/1018
- http://www.vupen.com/english/advisories/2005/2140
- http://www.vupen.com/english/advisories/2006/4680
- http://www.vupen.com/english/advisories/2005/2659
- http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2005-2088?
CVE-2005-2088 has a high severity level due to its potential to allow exploitation of web cache poisoning and XSS attacks.
How do I fix CVE-2005-2088?
To fix CVE-2005-2088, upgrade to Apache HTTP Server version 1.3.34 or 2.0.55 or later.
What systems are affected by CVE-2005-2088?
CVE-2005-2088 affects Apache HTTP Server versions earlier than 1.3.34 and 2.0.x before 2.0.55, as well as Debian versions 3.0 and 3.1.
What types of attacks can CVE-2005-2088 enable?
CVE-2005-2088 can enable web cache poisoning, XSS attacks, and bypassing web application firewalls.
Is CVE-2005-2088 related to HTTP request smuggling?
Yes, CVE-2005-2088 is associated with HTTP request smuggling due to its exploitation of transfer encoding and content length in HTTP headers.
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- collector/nvd-index
- vendor/apache
- canonical/apache http server
- version/apache http server/2.0.35
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/3.0
- version/debian gnu/linux/3.1
- version/apache http server/2.0.55