CVE-2005-2088

N/A Unknown
Published: July 05, 2005 Modified: April 16, 2026

Description

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References to Advisories, Solutions, and Tools

http://docs.info.apple.com/article.html?artnum=302847
Source: secalert@redhat.com
Broken Link
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Source: secalert@redhat.com
Issue Tracking Mailing List Third Party Advisory
http://secunia.com/advisories/14530
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/17319
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/17487
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/17813
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/19072
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/19073
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/19185
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/19317
Source: secalert@redhat.com
Not Applicable
http://secunia.com/advisories/23074
Source: secalert@redhat.com
Not Applicable
http://securityreason.com/securityalert/604
Source: secalert@redhat.com
Exploit Third Party Advisory
http://securitytracker.com/id?1014323
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: secalert@redhat.com
Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://www.apache.org/dist/httpd/CHANGES_1.3
Source: secalert@redhat.com
Broken Link Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.0
Source: secalert@redhat.com
Broken Link Vendor Advisory
http://www.debian.org/security/2005/dsa-803
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-805
Source: secalert@redhat.com
Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
Source: secalert@redhat.com
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2005-582.html
Source: secalert@redhat.com
Broken Link Third Party Advisory
http://www.securiteam.com/securityreviews/5GP0220G0U.html
Source: secalert@redhat.com
Broken Link Exploit
http://www.securityfocus.com/archive/1/428138/100/0/threaded
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14106
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/15647
Source: secalert@redhat.com
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-160-2
Source: secalert@redhat.com
Broken Link
http://www.vupen.com/english/advisories/2005/2140
Source: secalert@redhat.com
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2005/2659
Source: secalert@redhat.com
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/0789
Source: secalert@redhat.com
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/1018
Source: secalert@redhat.com
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/4680
Source: secalert@redhat.com
Broken Link Permissions Required
http://docs.info.apple.com/article.html?artnum=302847
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Mailing List Third Party Advisory
http://secunia.com/advisories/14530
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/17319
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/17487
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/17813
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/19072
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/19073
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/19185
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/19317
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/23074
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://securityreason.com/securityalert/604
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://securitytracker.com/id?1014323
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.600000
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://www.apache.org/dist/httpd/CHANGES_1.3
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.0
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Vendor Advisory
http://www.debian.org/security/2005/dsa-803
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-805
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:130
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.novell.com/linux/security/advisories/2005_46_apache.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-582.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
http://www.securiteam.com/securityreviews/5GP0220G0U.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit
http://www.securityfocus.com/archive/1/428138/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14106
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/15647
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-160-2
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2005/2140
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2005/2659
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/0789
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/1018
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Permissions Required
http://www.vupen.com/english/advisories/2006/4680
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Permissions Required
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00612828
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory

118 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 54.3% (98th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

debian apache