← back
CVE-2005-3751

CVE-2005-3751

EPSS 1.5%
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/18367http://secunia.com/advisories/18381http://secunia.com/advisories/20215http://secunia.com/advisories/20510http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000http://www.debian.org/security/2005/dsa-934http://www.gentoo.org/security/en/glsa/glsa-200606-05.xmlhttp://www.novell.com/linux/security/advisories/2006_05_19.html