Vulnerability Details: CVE-2005-2088
Potential exploit
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2005-2088
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Threat overview for CVE-2005-2088
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2005-2088: 102,649
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2005-2088
- EPSS score: 96.63% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2005-2088
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2005-2088
- The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2005-2088
- Apache, 2008-07-02: Fixed in Apache HTTP Server 2.0.55: http://httpd.apache.org/security/vulnerabilities_20.html
References for CVE-2005-2088
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
  Tags: Mailing List; Vendor Advisory
- https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
  Tags: Broken Link
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
  Tags: Broken Link
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
  Tags: Broken Link
- http://www.securityfocus.com/bid/14106
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
  Tags: Broken Link; Third Party Advisory
- http://www.apache.org/dist/httpd/CHANGES_1.3
  Tags: Broken Link; Vendor Advisory
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
  Tags: Broken Link
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2140
  Tags: Broken Link; Permissions Required
- http://www.redhat.com/support/errata/RHSA-2005-582.html
  Tags: Broken Link; Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
  Tags: Broken Link; Third Party Advisory
- http://secunia.com/advisories/19185
  Tags: Not Applicable
- http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
  Tags: Broken Link; Third Party Advisory
- http://docs.info.apple.com/article.html?artnum=302847
  Tags: Broken Link
- http://securityreason.com/securityalert/604
  Apache-based Web Server on HP-UX mod_ssl, proxy_http, Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthori - CXSecurity.com
  Tags: Exploit; Third Party Advisory
- http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
  Tags: Broken Link
- http://www.apache.org/dist/httpd/CHANGES_2.0
  Tags: Broken Link; Vendor Advisory
- http://secunia.com/advisories/14530
  Tags: Not Applicable
- http://securitytracker.com/id?1014323
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
  Tags: Broken Link; Third Party Advisory
- http://www.securityfocus.com/archive/1/428138/100/0/threaded
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://secunia.com/advisories/23074
  Tags: Not Applicable
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
  Bugtraq: A new whitepaper by Watchfire - HTTP Request Smuggling
  Tags: Issue Tracking; Mailing List; Third Party Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
  Tags: Third Party Advisory
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
  Tags: Broken Link
- http://www.vupen.com/english/advisories/2006/0789
  Tags: Broken Link; Permissions Required
- http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
  '[Announce] Apache HTTP Server 2.0.55 Released' - MARC
  Tags: Mailing List; Third Party Advisory
- http://www.novell.com/linux/security/advisories/2005_46_apache.html
  Tags: Broken Link
- http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
  The Slackware Linux Project: Slackware Security Advisories
  Tags: Third Party Advisory
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2
  Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2006/4680
  Tags: Broken Link; Permissions Required
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
  Tags: Broken Link; Third Party Advisory
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- http://www.ubuntu.com/usn/usn-160-2
  Tags: Broken Link
- http://secunia.com/advisories/19073
  Tags: Not Applicable
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
  Tags: Broken Link; Third Party Advisory
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
  Tags: Mailing List; Vendor Advisory
- http://www.debian.org/security/2005/dsa-803
  [SECURITY] [DSA 803-1] New Apache packages fix HTTP request smuggling
  Tags: Mailing List; Third Party Advisory
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
  Tags: Broken Link
- http://www.debian.org/security/2005/dsa-805
  [SECURITY] [DSA 805-1] New Apache2 packages fix several vulnerabilities
  Tags: Mailing List; Third Party Advisory
- http://secunia.com/advisories/17487
  Tags: Not Applicable
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
  Tags: Broken Link; Third Party Advisory
- http://secunia.com/advisories/19317
  Tags: Not Applicable
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/-Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
  Tags: Broken Link; Exploit
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/-Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s
  Tags: Mailing List; Vendor Advisory
- http://secunia.com/advisories/17813
  Tags: Not Applicable
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
  Tags: Mailing List; Vendor Advisory
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_
  Tags: Mailing List; Vendor Advisory
- http://secunia.com/advisories/17319
  Tags: Not Applicable
- http://www.vupen.com/english/advisories/2006/1018
  Tags: Broken Link; Permissions Required
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives
  Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2005/2659
  Tags: Broken Link; Permissions Required
- http://secunia.com/advisories/19072
  Tags: Not Applicable
- http://www.securityfocus.com/bid/15647
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
  Advisories - Mandriva Linux
  Tags: Third Party Advisory