VDB
CVE-2005-2088
CVE-2005-2088
PUBLISHED
CVSS 4.300000190734863 MEDIUM
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
EPSS 39.95% · 97.4th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
39.95%
97.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 3.0, 3.1 |
| n/a | n/a | n/a |
| apache | http_server | 2.0.35 |
Timeline
- Jun 30, 2005 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Apr 13, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
References
- 17319 third-party-advisory
- SUSE-SR:2005:018 vendor-advisory
- RHSA-2005:582 vendor-advisory
- SUSE-SA:2005:046 vendor-advisory
- USN-160-2 vendor-advisory
- ADV-2005-2140 vdb
- 17813 third-party-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm url
- ADV-2005-2659 vdb
- TSLSA-2005-0059 vendor-advisory
- PK13959 vendor-advisory
- SSA:2005-310-04 vendor-advisory
- oval:org.mitre.oval:def:840 vdb
- ADV-2006-1018 vdb
- SSRT051251 vendor-advisory
- MDKSA-2005:130 vendor-advisory
- http://www.apache.org/dist/httpd/CHANGES_1.3 url
- 19185 third-party-advisory
- http://www.apache.org/dist/httpd/CHANGES_2.0 url
- 14530 third-party-advisory
…and 52 more