CVE Kennung:	CAN-2005-2088
Beschreibung:	The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Test Kennungen:	Nicht verfügbar
Querverweise:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2088 AIX APAR: PK13959 http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only AIX APAR: PK16139 http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only http://docs.info.apple.com/article.html?artnum=302847 BugTraq ID: 14106 http://www.securityfocus.com/bid/14106 BugTraq ID: 15647 http://www.securityfocus.com/bid/15647 Bugtraq: 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling (Google Search) http://seclists.org/lists/bugtraq/2005/Jun/0025.html Debian Security Information: DSA-803 (Google Search) http://www.debian.org/security/2005/dsa-803 Debian Security Information: DSA-805 (Google Search) http://www.debian.org/security/2005/dsa-805 HPdes Security Advisory: HPSBUX02074 http://www.securityfocus.com/archive/1/428138/100/0/threaded HPdes Security Advisory: HPSBUX02101 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 HPdes Security Advisory: SSRT051128 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828 HPdes Security Advisory: SSRT051251 http://www.securityfocus.com/archive/1/428138/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2005:130 http://www.securiteam.com/securityreviews/5GP0220G0U.html http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840 RedHat Security Advisories: RHSA-2005:582 http://www.redhat.com/support/errata/RHSA-2005-582.html http://securitytracker.com/id?1014323 http://secunia.com/advisories/14530 http://secunia.com/advisories/17319 http://secunia.com/advisories/17487 http://secunia.com/advisories/17813 http://secunia.com/advisories/19072 http://secunia.com/advisories/19073 http://secunia.com/advisories/19185 http://secunia.com/advisories/19317 http://secunia.com/advisories/23074 http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 SuSE Security Announcement: SUSE-SA:2005:046 (Google Search) http://www.novell.com/linux/security/advisories/2005_46_apache.html SuSE Security Announcement: SUSE-SR:2005:018 (Google Search) http://www.novell.com/linux/security/advisories/2005_18_sr.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.ubuntu.com/usn/usn-160-2 http://www.vupen.com/english/advisories/2005/2140 http://www.vupen.com/english/advisories/2005/2659 http://www.vupen.com/english/advisories/2006/0789 http://www.vupen.com/english/advisories/2006/1018 http://www.vupen.com/english/advisories/2006/4680