published date: July 5, 2005

CVE-2005-2090 : HTTP Request Smuggling Vulnerability

Description

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Product(s):

Apache Software Foundation Tomcat 4.1.24
Apache Software Foundation Tomcat 5.0.19

CVSS:4.3 [Critical]
EPSS:81.99%
Exploitability:8.6
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-2090, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-2090 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-2090

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales