Computer Crime Research Center


Apache HTTP server vulnerability

Date: July 05, 2005


Apache is prone to an HTTP request smuggling attack.
A specially crafted request with a 'Transfer-Encoding: chunked' header and a 'Content-Length' can cause the server to forward a reassembled request with the original 'Content-Length' header. Due to this, the malicious request may piggyback with the valid HTTP request.
It is possible that this attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks.
This issue was originally described in BID 13873 (Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities). Due to the availability of more details and vendor confirmation, it is being assigned a new BID.


No exploit is required. Demonstration proof of concepts are available in the referenced Watchfire paper 'HTTP Request Smuggling'.


The vendor has released Apache 2.1.6 to address this issue in the 2.1.x branch. A fix for the 2.0 branch is also available in the Apache SVN repository.
Original article

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2006-11-23 05:50:16 - Auto insurance... Cheapest auto insurance
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo