Apache HTTP Server Security Update Fixes Multiple Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-2140
CVE ID : CVE-2005-2088
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-10-19
Technical Description
Multiple vulnerabilities were identified in Apache HTTP Server, which could be exploited by attackers to bypass certain security policies and restrictions.
The first flaw is due to an error when processing an HTTP request containing both a "Transfer-Encoding: chunked" header and a "Content-Length" header, which could allow the bypass of Web application firewall protection or lead to cross-site scripting attacks. For additional information, see VUPEN/ADV-2005-1208.
The second issue is due to an error in the "TraceEnable" directive, which could cause the proxy server to accept a TRACE request body although RFC 2616 prohibits it.
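
The two request shapes described above can be checked for at a front-end or in log review. The following is an added example, not code from the advisory or from Apache; the function names, finding labels and sample requests are assumptions constructed for illustration.

```python
# Added example: flags the two request shapes named in the advisory.
# Function names and finding labels are hypothetical, not Apache's.

def parse_head(raw: bytes):
    """Split a raw HTTP/1.x request into (method, [(name, value), ...])."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines without a colon
            headers.append((name.strip().lower(), value.strip()))
    return method, headers


def audit_request(raw: bytes):
    """Return a list of findings for one raw request."""
    method, headers = parse_head(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    codings = [c.strip().lower()
               for n, v in headers if n == "transfer-encoding"
               for c in v.split(",")]
    findings = []
    # Flaw 1: both framing headers present, so two parsers may disagree
    # on where the body ends.
    if "chunked" in codings and lengths:
        findings.append("chunked-with-content-length")
    # Flaw 2: TRACE carrying a body (RFC 2616 says it must not).
    has_body = bool(codings) or any(v != "0" for v in lengths)
    if method == "TRACE" and has_body:
        findings.append("trace-with-body")
    return findings


# Constructed sample requests (not taken from the advisory).
CONFLICT = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n"
            b"0\r\n\r\n")
TRACE_BODY = (b"TRACE / HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 4\r\n\r\ntest")
CLEAN = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("conflict", CONFLICT), ("trace", TRACE_BODY), ("clean", CLEAN)]:
        print(name, audit_request(req))
```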