CVE-2005-3751 - OpenCVE

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apsis	Pound

Configuration 1 [-]

cpe:2.3:a:apsis:pound:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/18367	Vendor Advisory
http://secunia.com/advisories/18381	Vendor Advisory
http://secunia.com/advisories/20215	Vendor Advisory
http://secunia.com/advisories/20510	Vendor Advisory
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
http://www.debian.org/security/2005/dsa-934
http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
http://www.novell.com/linux/security/advisories/2006_05_19.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-22T20:00:00

Updated: 2006-01-12T10:00:00

Reserved: 2005-11-22T00:00:00

Link: CVE-2005-3751

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-11-22T20:03:00.000

Modified: 2008-09-05T20:55:11.837

Link: CVE-2005-3751

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-20T00:00:00", "descriptions": [{"lang": "en", "value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-01-12T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-934", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-934"}, {"name": "18367", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18367"}, {"name": "SUSE-SR:2006:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"}, {"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"}, {"name": "GLSA-200606-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"}, {"name": "20215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20215"}, {"name": "18381", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18381"}, {"name": "20510", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20510"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3751", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-934", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-934"}, {"name": "18367", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18367"}, {"name": "SUSE-SR:2006:011", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html"}, {"name": "[pound-list] 20051020 ANNOUNCE: Pound - reverse proxy and load balancer - v1.9.4", "refsource": "MLIST", "url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000"}, {"name": "GLSA-200606-05", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml"}, {"name": "20215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20215"}, {"name": "18381", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18381"}, {"name": "20510", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20510"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3751", "datePublished": "2005-11-22T20:00:00", "dateReserved": "2005-11-22T00:00:00", "dateUpdated": "2006-01-12T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}