Apache – CVE-2005-2088

Description

Kayran has detected that the version of Apache HTTP Server being used is vulnerable to several types of attacks. Also known as CVE-2005-2088.

When acting as an HTTP proxy, remote attackers are allowed to conduct Cache Poisoning and bypass WAFs (Web Application Firewall).
They can also initiate XSS attacks by an HTTP request with both a “Transfer-Encoding: chunked” header and a “Content-Length” header.
That will cause Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request. In other words, he will perform a “HTTP Request Smuggling”.

Recommendation

To fix CVE-2005-2088, upgrade the version of Apache Server being used to 2.0.55.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »

What is a CWE ?

Similar to the article written on CVEs, in this article we will answer the questions :What is CWE ? and, what is the difference between

Read More »