Oval Definition:oval:org.mitre.oval:def:1237
Revision Date:2010-09-20Version:20
Title:Webproxy HTTP Request Smuggling (B.11.04)
Description:The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-2088
Platform(s):HP-UX 11
Product(s):Apache
Definition Synopsis
  • VirtualvaultTS A.04.70 is installed without patch PHSS_34169 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultTS A.04.70 is installed
  • AND NOT Patch PHSS_34169 is installed
  • OR VirtualvaultWS A.04.70 is installed without patch PHSS_34121 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultWS A.04.70 is installed
  • AND NOT Patch PHSS_34121 is installed
  • OR VirtualvaultTS A.04.60 is installed without patch PHSS_34170 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultTS A.04.60 is installed
  • AND NOT Patch PHSS_34170 is installed
  • OR VirtualvaultWS A.04.60 is installed without patch PHSS_34120 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultWS A.04.60 is installed
  • AND NOT Patch PHSS_34120 is installed
  • OR VirtualvaultTS A.04.50 is installed without patch PHSS_34171 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultTS A.04.50 is installed
  • AND NOT Patch PHSS_34171 is installed
  • OR VirtualvaultWS A.04.50 is installed without patch PHSS_34119 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND VirtualvaultWS A.04.50 is installed
  • AND NOT Patch PHSS_34119 is installed
  • OR HP_Webproxy.HPWEB-PX-CORE A.02.10 is installed without patch PHSS_34203 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND HP_Webproxy.HPWEB-PX-CORE A.02.10 is installed
  • AND NOT Patch PHSS_34203 is installed
  • OR HP_Webproxy.HPWEB-PX-CORE A.02.00 is installed without patch PHSS_34204 or later
  • 700 Series or 800 Series OS Release 11.04
  • 700 Series OS Release 11.04
  • 700-series HP
  • AND HP Release B.11.04
  • OR 800 Series OS Release 11.04
  • 800-series HP
  • AND HP Release B.11.04
  • AND HP_Webproxy.HPWEB-PX-CORE A.02.00 is installed
  • AND NOT Patch PHSS_34204 is installed
    • BACK