Back to search
CVE-2005-2090
Published: Jun 30, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
30908
third-party-advisory
x_refsource_SECUNIA
ADV-2007-2732
vdb-entry
x_refsource_VUPEN
13873
vdb-entry
x_refsource_BID
239312
vendor-advisory
x_refsource_SUNALERT
ADV-2007-3087
vdb-entry
x_refsource_VUPEN
30899
third-party-advisory
x_refsource_SECUNIA
29242
third-party-advisory
x_refsource_SECUNIA
ADV-2008-1979
vdb-entry
x_refsource_VUPEN
APPLE-SA-2007-07-31
vendor-advisory
x_refsource_APPLE
ADV-2008-0065
vdb-entry
x_refsource_VUPEN
20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)
mailing-list
x_refsource_BUGTRAQ
SUSE-SR:2008:005
vendor-advisory
x_refsource_SUSE
33668
third-party-advisory
x_refsource_SECUNIA
20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1
mailing-list
x_refsource_BUGTRAQ
20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
mailing-list
x_refsource_BUGTRAQ
RHSA-2007:0360
vendor-advisory
x_refsource_REDHAT
ADV-2009-0233
vdb-entry
x_refsource_VUPEN
oval:org.mitre.oval:def:10499
vdb-entry
signature
x_refsource_OVAL
28365
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
ADV-2007-3386
vdb-entry
x_refsource_VUPEN
http://www.securiteam.com/securityreviews/5GP0220G0U.html
x_refsource_MISC
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
x_refsource_MISC
RHSA-2007:0327
vendor-advisory
x_refsource_REDHAT
27037
third-party-advisory
x_refsource_SECUNIA
1014365
vdb-entry
x_refsource_SECTRACK
http://docs.info.apple.com/article.html?artnum=306172
x_refsource_CONFIRM
SSRT071447
vendor-advisory
x_refsource_HP
HPSBUX02262
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
25159
vdb-entry
x_refsource_BID
26660
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT
20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
mailing-list
x_refsource_BUGTRAQ
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
x_refsource_CONFIRM
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
x_refsource_CONFIRM
26235
third-party-advisory
x_refsource_SECUNIA
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now