Unrated severity · NVD Advisory · Published Jul 5, 2005 · Updated Apr 16, 2026
CVE-2005-2088
Description
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
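The ambiguity described above can be refused at the edge before a request is forwarded. The following is an added example, not code from the advisory or from Apache: a framing check that follows the RFC 7230 section 3.3.3 guidance to treat a request carrying both headers as an error. The function names and sample requests are constructed for illustration.

```python
# Added example: body-framing check for a proxy front end (not Apache's code).
from typing import List, Tuple

def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into the request line and (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers

def framing_verdict(raw: bytes) -> str:
    """Return 'ok' or a 'reject: ...' reason when body framing is ambiguous."""
    _, headers = parse_head(raw)
    # A name such as "Transfer-Encoding " may be honoured by one parser and
    # ignored by the next, so whitespace in a header name is an error.
    if any(n != n.strip() for n, _ in headers):
        return "reject: whitespace in header name"
    te = [v.lower() for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        return "reject: both Transfer-Encoding and Content-Length"
    if len(set(cl)) > 1:
        return "reject: conflicting Content-Length values"
    if cl and not (cl[0].isascii() and cl[0].isdigit()):
        return "reject: non-numeric Content-Length"
    if te and te[-1].split(",")[-1].strip() != "chunked":
        return "reject: final transfer coding is not chunked"
    return "ok"

# Constructed sample requests (bodies are inert placeholders).
HEAD = b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
SAMPLE_CL_ONLY = HEAD + b"Content-Length: 3\r\n\r\nabc"
SAMPLE_TE_ONLY = HEAD + b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
SAMPLE_BOTH = HEAD + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
SAMPLE_TWO_CL = HEAD + b"Content-Length: 3\r\nContent-Length: 7\r\n\r\nabc"
SAMPLE_SPACED = HEAD + b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n"

if __name__ == "__main__":
    for name in ("SAMPLE_CL_ONLY", "SAMPLE_TE_ONLY", "SAMPLE_BOTH",
                 "SAMPLE_TWO_CL", "SAMPLE_SPACED"):
        print(name, "->", framing_verdict(globals()[name]))
```

A proxy that forwards instead of rejecting must drop the received Content-Length and re-frame the body itself, so the downstream server sees only one length.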
Affected products
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*