CVE-2005-3751

Sažetak

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

Reference

http://secunia.com/advisories/18367
http://secunia.com/advisories/18381
http://secunia.com/advisories/20215
http://secunia.com/advisories/20510
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
http://www.debian.org/security/2005/dsa-934
http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
http://www.novell.com/linux/security/advisories/2006_05_19.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:55

Objavljeno

22-11-2005 - 20:03