Vulnerability Description
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apsis | Pound | <= 1.9.3 |
References
- http://secunia.com/advisories/18367Vendor Advisory
- http://secunia.com/advisories/18381Vendor Advisory
- http://secunia.com/advisories/20215Vendor Advisory
- http://secunia.com/advisories/20510Vendor Advisory
- http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_ht
- http://www.debian.org/security/2005/dsa-934
- http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
- http://www.novell.com/linux/security/advisories/2006_05_19.html
- http://secunia.com/advisories/18367Vendor Advisory
- http://secunia.com/advisories/18381Vendor Advisory
- http://secunia.com/advisories/20215Vendor Advisory
- http://secunia.com/advisories/20510Vendor Advisory
- http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_ht
- http://www.debian.org/security/2005/dsa-934
- http://www.gentoo.org/security/en/glsa/glsa-200606-05.xml
FAQ
What is CVE-2005-3751?
CVE-2005-3751 is a vulnerability with a CVSS score of 4.3 (MEDIUM). HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with co...
How severe is CVE-2005-3751?
CVE-2005-3751 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3751?
Check the references section above for vendor advisories and patch information. Affected products include: Apsis Pound.