English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54439
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: apache
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

apache
apache+ipv6
apache_fp
apache+ssl
apache+mod_perl
apache+mod_ssl
apache+mod_ssl+ipv6
ru-apache
ru-apache+mod_ssl

CVE-2005-2088
Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote
attackers to poison the web cache, bypass web application firewall
protection, and conduct XSS attacks via an HTTP request with both a
'Transfer-Encoding: chunked' header and a Content-Length header, which
causes Apache to incorrectly handle and forward the body of the
request in a way that causes the receiving server to process it as a
separate HTTP request, aka 'HTTP Request Smuggling.'

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-2088
1014323
http://securitytracker.com/id?1014323
102197
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
102198
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
14106
http://www.securityfocus.com/bid/14106
14530
http://secunia.com/advisories/14530
15647
http://www.securityfocus.com/bid/15647
17319
http://secunia.com/advisories/17319
17487
http://secunia.com/advisories/17487
17813
http://secunia.com/advisories/17813
19072
http://secunia.com/advisories/19072
19073
http://secunia.com/advisories/19073
19185
http://secunia.com/advisories/19185
19317
http://secunia.com/advisories/19317
20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
23074
http://secunia.com/advisories/23074
604
http://securityreason.com/securityalert/604
ADV-2005-2140
http://www.vupen.com/english/advisories/2005/2140
ADV-2005-2659
http://www.vupen.com/english/advisories/2005/2659
ADV-2006-0789
http://www.vupen.com/english/advisories/2006/0789
ADV-2006-1018
http://www.vupen.com/english/advisories/2006/1018
ADV-2006-4680
http://www.vupen.com/english/advisories/2006/4680
APPLE-SA-2005-11-29
http://docs.info.apple.com/article.html?artnum=302847
DSA-803
http://www.debian.org/security/2005/dsa-803
DSA-805
http://www.debian.org/security/2005/dsa-805
HPSBUX02074
http://www.securityfocus.com/archive/1/428138/100/0/threaded
HPSBUX02101
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
MDKSA-2005:130
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
PK13959
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
PK16139
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
RHSA-2005:582
http://www.redhat.com/support/errata/RHSA-2005-582.html
SSA:2005-310-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
SSRT051128
SSRT051251
SUSE-SA:2005:046
http://www.novell.com/linux/security/advisories/2005_46_apache.html
SUSE-SR:2005:018
http://www.novell.com/linux/security/advisories/2005_18_sr.html
TSLSA-2005-0059
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
USN-160-2
http://www.ubuntu.com/usn/usn-160-2
[apache-httpd-announce] 20051014 Apache HTTP Server 2.0.55 Released
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/
https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.apache.org/dist/httpd/CHANGES_1.3
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
https://secure-support.novell.com/KanisaPlatform/Publishing/741/3222109_f.SAL_Public.html
oval:org.mitre.oval:def:11452
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
oval:org.mitre.oval:def:1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
oval:org.mitre.oval:def:1526
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
oval:org.mitre.oval:def:1629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
oval:org.mitre.oval:def:840
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
CopyrightCopyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.