Vulnerability Details : CVE-2005-3751
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2005-3751
- cpe:2.3:a:apsis:pound:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-3751
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-3751
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2005-3751
-
http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
Pound: HTTP request smuggling (GLSA 200606-05) — Gentoo security
-
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
David Maucher | WordPress Experte // Web Entwickler
-
http://www.debian.org/security/2005/dsa-934
[SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities
-
http://www.novell.com/linux/security/advisories/2006_05_19.html
404 Page Not Found | SUSE
Jump to