VDB

CVE-2005-2088

CVE-2005-2088 PUBLISHED CVSS 4.300000190734863 MEDIUM

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

EPSS 39.95% · 97.4th percentile

Risk Scores

CVSS 2.0
4.300000190734863
EPSS Score
39.95%
97.4th percentile

Affected Products

VendorProductVersions
debiandebian_linux3.0, 3.1
n/an/an/a
apachehttp_server2.0.35

Timeline

  • Jun 30, 2005 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 24, 2025 EPSS Score
  • Mar 25, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Apr 13, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
  • Jun 1, 2025 EPSS Score
  • Jul 1, 2025 EPSS Score

References

…and 52 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›