CVE-2005-2088

Status Candidate

Overview

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Related Files

Apple Security Advisory 2005-11-29
Posted Dec 2, 2005
Authored by Apple | Site apple.com

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2005-2088, CVE-2005-2700, CVE-2005-2757, CVE-2005-3185, CVE-2005-3700, CVE-2005-2969, CVE-2005-3701, CVE-2005-2491, CVE-2005-3702, CVE-2005-3703, CVE-2005-3705, CVE-2005-1993, CVE-2005-3704
SHA-256 | e7bb6ec0504327630e33ae50f3e506dd37e28fb70583d43167e478159852984a

HP Security Bulletin 2005-12.51
Posted Nov 20, 2005
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2005-2491, CVE-2005-1268, CVE-2005-2728, CVE-2005-2088
SHA-256 | 0c88cd43198ceaaa105ad00fd4c4738c239da351f3bb32f882c51ff2df83961b

Debian Linux Security Advisory 805-1
Posted Sep 10, 2005
Authored by Debian | Site debian.org

Debian Security Advisory DSA 805-1 - Several problems have been discovered in Apache2, the next generation, scalable, extendible web server. The Common Vulnerabilities and Exposures project identifies the following problems:

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2005-1268, CVE-2005-2088, CVE-2005-2700, CVE-2005-2728
SHA-256 | 76ee9e0a891c5fe605b17c1465e881628ca40b4b293425b87ac49a639a55e4c0

Ubuntu Security Notice 160-2
Posted Sep 8, 2005
Authored by Ubuntu, Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-160-2 - USN-160-1 fixed two vulnerabilities in the Apache 2 server. The old Apache 1 server was also vulnerable to one of the vulnerabilities (CVE-2005-2088). Please note that Apache 1 is not officially supported in Ubuntu (it is in the "universe" component of the archive).

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-2088
SHA-256 | 4c77e34937b466d8814d9fdbcb4bfc9238594501b16e9bf4138b9bea0692a4a6

SUSE-SA-2005-046.txt
Posted Aug 17, 2005
Site suse.com

SUSE Security Announcement - A security flaw was found in the Apache and Apache2 web servers which allows a remote attacker to smuggle requests past filters by providing handcrafted header entries.

tags | advisory, remote, web
systems | linux, suse
advisories | CVE-2005-2088, CVE-2005-1268
SHA-256 | f2c1e27393e00e608df20530f2d81d124ab334a14e72c5c06bcdaa4e99e13fad

Ubuntu Security Notice 160-1
Posted Aug 5, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-160-1 - Multiple vulnerabilities exist in Apache 2.x. Marc Stern discovered a buffer overflow in the SSL module's certificate revocation list (CRL) handler. Watchfire discovered that Apache insufficiently verified the Transfer-Encoding and Content-Length headers when acting as an HTTP proxy.

tags | advisory, web, overflow, vulnerability
systems | linux, ubuntu
advisories | CVE-2005-1268, CVE-2005-2088
SHA-256 | 610b03eb7c16047b642cbaee4904e8cd04c4a4a3db1da1f42f420be9fd66160c