Description
Kayran has detected that the version of Apache HTTP Server being used is vulnerable to several types of attacks. Also known as CVE-2005-2088.
When acting as an HTTP proxy, remote attackers are allowed to conduct Cache Poisoning and bypass WAFs (Web Application Firewall).
They can also initiate XSS attacks by an HTTP request with both a “Transfer-Encoding: chunked” header and a “Content-Length” header.
That will cause Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request. In other words, he will perform a “HTTP Request Smuggling”.
Recommendation
To fix CVE-2005-2088, upgrade the version of Apache Server being used to 2.0.55.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
