

Title Apache HTTP Request Smuggling Vulnerability
Published 2005-06-30-12:00AM
Updated 2005-11-16-06:39PM
Class Input Validation Error
CVE   CAN-2005-2088
Remote  Yes
Local  No
Credit  Discovery of this issue is credited to Chaim Linhart, Amit Klein, Ronen Heled, and Steve Orrin of Watchfire.
Vulnerable  Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux current
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. OpenEnterpriseServer 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Desktop 1.0
RedHat Fedora Core4
RedHat Fedora Core3
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Linux Mandrake 10.1 x86_64
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.0 amd64
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
IBM HTTP Server 1.3.28 .1
IBM HTTP Server 1.3.28
IBM HTTP Server 1.3.26 .2
IBM HTTP Server 1.3.26 .1
IBM HTTP Server 1.3.26
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for pSeries 3.3.2
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for iSeries 3.3.2
HP HPUX 11.23
HP HPUX 11.11
HP HPUX 11.0
HP HPUX B.11.23
HP HPUX B.11.11
HP HPUX B.11.11
HP HPUX B.11.00
Conectiva Linux 10.0
Conectiva Linux 9.0
Apache Software Foundation Apache 2.1.5
Apache Software Foundation Apache 2.1.4
Apache Software Foundation Apache 2.1.3
Apache Software Foundation Apache 2.1.2
Apache Software Foundation Apache 2.1.1
Apache Software Foundation Apache 2.1
Apache Software Foundation Apache 2.0.54
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
MandrakeSoft Linux Mandrake 10.1
MandrakeSoft Linux Mandrake 10.1 x86_64
Apache Software Foundation Apache 2.0.49
S.u.S.E. Linux Personal 9.1
Trustix Secure Linux 2.0
Trustix Secure Linux 2.1
Apache Software Foundation Apache 2.0.48
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
RedHat Desktop 3.0
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux WS 3
Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.45
Apple Mac OS X 10.0
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.4
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.5
Apple Mac OS X 10.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.6
Conectiva Linux 9.0
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
RedHat Linux 8.0
RedHat Linux 9.0 i386
Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.33
Apple Mac OS X 10.2.8
Apple Mac OS X 10.3.6
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.3.6
Debian Linux 3.1
Debian Linux 3.1 alpha
Debian Linux 3.1 amd64
Debian Linux 3.1 arm
Debian Linux 3.1 hppa
Debian Linux 3.1 ia32
Debian Linux 3.1 ia64
Debian Linux 3.1 m68k
Debian Linux 3.1 mips
Debian Linux 3.1 mipsel
Debian Linux 3.1 ppc
Debian Linux 3.1 s/390
Debian Linux 3.1 sparc
Apache Software Foundation Apache 1.3.29
Apple Mac OS X 10.2.7
Apple Mac OS X 10.3.5
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.3.5
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Linux Mandrake 10.0 amd64
OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.26
Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Linux 3.0 alpha
Debian Linux 3.0 arm
Debian Linux 3.0 hppa
Debian Linux 3.0 ia32
Debian Linux 3.0 ia64
Debian Linux 3.0 m68k
Debian Linux 3.0 mips
Debian Linux 3.0 mipsel
Debian Linux 3.0 ppc
Debian Linux 3.0 s/390
Debian Linux 3.0 sparc
MandrakeSoft Corporate Server 2.1
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Linux Mandrake 9.0
OpenPKG OpenPKG 1.1
Trustix Secure Linux 1.1
Trustix Secure Linux 1.2
Trustix Secure Linux 1.5
Not Vulnerable  Apache Software Foundation Apache 2.1.6
Apache Software Foundation Apache 2.0.55
Code   No exploit is required. Proof-of-concept demonstrations are available in the referenced Watchfire paper 'HTTP Request Smuggling'.



Copyright 2007, SecurityDot
Sat, 10 Jan 2009 04:07:23 +0000
