Lucene search
F5F5:K16828HistoryJul 02, 2015 - 12:00 a.m.
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-0200:00:00
my.f5.com
311
Security Advisory Description
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling”. (CVE-2005-2090)
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
cve
cve
CVE-2005-2090
2005-07-05 04:00:00
CVE-2013-4286
2014-02-26 14:55:08
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
nessus
nessus
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Apache Tomcat 7.0.0 < 7.0.47 multiple vulnerabilities
2019-01-11 00:00:00
Apache Tomcat 8.0.0 < 8.0.0-RC3 multiple vulnerabilities
2024-05-23 00:00:00
f5
f5
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
veracode
veracode
HTTP Request Smuggling
2018-11-13 06:55:19
Request-smuggling Attacks
2019-01-15 08:59:20
github
github
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
tomcat
tomcat
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
osv
osv
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
cvelist
cvelist
CVE-2005-2090
2005-06-30 04:00:00
CVE-2013-4286
2014-02-26 11:00:00
nvd
nvd
CVE-2005-2090
2005-07-05 04:00:00
CVE-2013-4286
2014-02-26 14:55:08
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
seebug
seebug
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
securityvulns
securityvulns
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
openvas
openvas
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Fedora Update for Pound FEDORA-2014-13777
2014-11-12 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0328) Important: tomcat security update
2007-05-24 00:00:00
(RHSA-2007:0327) Important: tomcat security update
2007-05-14 00:00:00
vmware
vmware
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
