CVE-2005-2088 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-2088 Interim 1 4 2023-12-09T02:21:57Z current 2021-05-30T12:32:56Z 2023-12-09T02:21:57Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-2088 The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/W2EWT6WMPKZEBHQP4AI734PLFPICX6DC/#W2EWT6WMPKZEBHQP4AI734PLFPICX6DC E-Mail link for SUSE-SA:2005:046 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PYXHDPYYUNOTQCQD3V5Z7X4BPSKQDXF5/#PYXHDPYYUNOTQCQD3V5Z7X4BPSKQDXF5 E-Mail link for SUSE-SR:2005:018 https://www.suse.com/support/security/rating/ SUSE Security Ratings The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." CVE-2005-2088 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N