Oval Definition:oval:org.opensuse.security:def:20052090
Revision Date:2015-11-16Version:1
Title:CVE-2005-2090
Description:
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Family:unixClass:vulnerability
Status:Reference(s):CVE-2005-2090
Platform(s):Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Open Enterprise Server
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM POWER
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for Itanium Processor Family
SUSE CORE 9 for x86
SUSE LINUX 10.1
Product(s):
Definition Synopsis
  • Release Information
  • sles9-nld-sdk is installed
  • AND jakarta-tomcat less than 5.0.19-29.11
  • OR
  • sles9-oes is installed
  • apache-jakarta-tomcat-connectors less than 5.0.19-29.11
  • OR apache2-jakarta-tomcat-connectors less than 5.0.19-29.11
  • OR jakarta-tomcat-doc less than 5.0.19-29.11
  • OR jakarta-tomcat-examples less than 5.0.19-29.11
  • OR jakarta-tomcat less than 5.0.19-29.11
  • OR Package Information
  • suse101 is installed
  • AND
  • mod_jk-ap20 less than 4.1.30-0.2
  • OR tomcat5-admin-webapps less than 5.0.30-27.21
  • OR tomcat5-webapps less than 5.0.30-27.21
  • OR tomcat5 less than 5.0.30-27.21
    • BACK