CVE-2005-2088 · threatengine.sh

Home/CVE/The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to

CVE

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling.".

MEDIUM · CVSS 4.3 EPSS 0.39952

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 3% of all CVEs by exploitation likelihood
Public exploit or PoC is available

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

▤

Affected Products & Versions

2

apache http server>= 2.0.35 and < 2.0.55

debian linuxall versions

⚠

Public Exploits & PoCs

2

pocsecurityreason.com · securityalert/604securityreason.com

pocwww.securiteam.com · 5GP0220G0U.htmlwww.securiteam.com

▣

Scoring & Timeline

4.3

MEDIUM · CVSS v2 (legacy) · secalert@redhat.com

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Published to NVD05 Jul 2005 · 04:00 AM

⚑

Vendor Advisories

2

rhsaRHSA-2005:582Moderate

🔗

References & Sources

57

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://docs.info.apple.com/article.html?artnum=302847Broken Link

http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.htmlBroken Link

http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3Mailing ListThird Party Advisory

http://seclists.org/lists/bugtraq/2005/Jun/0025.htmlIssue TrackingMailing ListThird Party Advisory

http://secunia.com/advisories/14530Not Applicable

http://secunia.com/advisories/17319Not Applicable

Show all 57 references

http://secunia.com/advisories/17487Not Applicable

http://secunia.com/advisories/17813Not Applicable

http://secunia.com/advisories/19072Not Applicable

http://secunia.com/advisories/19073Not Applicable

http://secunia.com/advisories/19185Not Applicable

http://secunia.com/advisories/19317Not Applicable

http://secunia.com/advisories/23074Not Applicable

http://securitytracker.com/id?1014323Broken LinkThird Party AdvisoryVDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htmThird Party Advisory

http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=onlyBroken LinkThird Party Advisory

http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=onlyBroken LinkThird Party Advisory

http://www.apache.org/dist/httpd/CHANGES_1.3Broken LinkVendor Advisory

http://www.apache.org/dist/httpd/CHANGES_2.0Broken LinkVendor Advisory

http://www.debian.org/security/2005/dsa-803Mailing ListThird Party Advisory

http://www.debian.org/security/2005/dsa-805Mailing ListThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:130Third Party Advisory

http://www.novell.com/linux/security/advisories/2005_18_sr.htmlBroken Link

http://www.novell.com/linux/security/advisories/2005_46_apache.htmlBroken Link

http://www.redhat.com/support/errata/RHSA-2005-582.htmlBroken LinkThird Party Advisory

http://www.securityfocus.com/archive/1/428138/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/14106Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/15647Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-160-2Broken Link

http://www.vupen.com/english/advisories/2005/2140Broken LinkPermissions Required

http://www.vupen.com/english/advisories/2005/2659Broken LinkPermissions Required

http://www.vupen.com/english/advisories/2006/0789Broken LinkPermissions Required

http://www.vupen.com/english/advisories/2006/1018Broken LinkPermissions Required

http://www.vupen.com/english/advisories/2006/4680Broken LinkPermissions Required

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdfBroken Link

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828Broken Link

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3EMailing ListVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840Broken LinkThird Party Advisory

https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.htmlBroken Link

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin