CVE-2005-3751HTTP Request Smuggling in Pound

6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
1.8%
top 17.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apsis Pound
Timeline
PublishedNov 22
Latest updateMay 1

Description

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianapsis/pound< 1.9.4-1+2
NVDapsis/pound1.9.3

🔴Vulnerability Details

3
GHSA
GHSA-5349-pqgh-vm4f: HTTP request smuggling vulnerability in Pound before 12022-05-01
OSV
CVE-2005-3751: HTTP request smuggling vulnerability in Pound before 12005-11-22
CVEList
CVE-2005-3751: HTTP request smuggling vulnerability in Pound before 12005-11-22

📋Vendor Advisories

1
Debian
CVE-2005-3751: pound - HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attacke...2005

💬Community

1
Bugzilla
CVE-2016-10711 Pound: request smuggling via crafted headers2018-01-30
CVE-2005-3751 — HTTP Request Smuggling in Apsis Pound | cvebase