Apache – CVE-2005-2088

Description

Cytrix has detected that the version of Apache HTTP Server being used is vulnerable to several types of attacks. Also known as CVE-2005-2088.

When acting as an HTTP proxy, remote attackers are allowed to conduct Cache Poisoning and bypass WAFs (Web Application Firewall).
They can also initiate XSS attacks by an HTTP request with both a “Transfer-Encoding: chunked” header and a “Content-Length” header.
That will cause Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request. In other words, he will perform a “HTTP Request Smuggling”.

Recommendation

To fix CVE-2005-2088, upgrade the version of Apache Server being used to 2.0.55.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »