// For flags

CVE-2005-2090

tomcat multiple content-length header poisioning

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Apache Tomcat versions 8.0.0-RC1, 7.0.0 through 7.0.42, and 6.0.0 through 6.0.37 suffer from an information disclosure vulnerability due to an incomplete fix for CVE-2005-2090.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-06-30 CVE Reserved
  • 2005-06-30 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-04-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (37)
URL Tag Source
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx Broken Link
http://docs.info.apple.com/article.html?artnum=306172 Broken Link
http://lists.vmware.com/pipermail/security-announce/2008/000003.html Mailing List
http://seclists.org/lists/bugtraq/2005/Jun/0025.html Mailing List
http://securitytracker.com/id?1014365 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm Third Party Advisory
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 Broken Link
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html Third Party Advisory
http://www.securityfocus.com/archive/1/485938/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/500396/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/500412/100/0/threaded Mailing List
http://www.securityfocus.com/bid/13873 Third Party Advisory
http://www.securityfocus.com/bid/25159 Third Party Advisory
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf Third Party Advisory
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499 Signature
URL Date SRC
http://www.securiteam.com/securityreviews/5GP0220G0U.html 2024-08-07
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 2023-11-07
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html 2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1 2023-11-07
http://tomcat.apache.org/security-4.html 2023-11-07
http://tomcat.apache.org/security-5.html 2023-11-07
http://tomcat.apache.org/security-6.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0327.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2007-0360.html 2023-11-07
http://www.redhat.com/support/errata/RHSA-2008-0261.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2005-2090 2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=237079 2010-08-04
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 4.1.24
Search vendor "Apache" for product "Tomcat" and version "4.1.24"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 5.0.19
Search vendor "Apache" for product "Tomcat" and version "5.0.19"
-
Affected