JVN/CVE Demo: Cveinfos

CVE

Id: 13296
CVE No.: CVE-2005-2090
Status: Candidate
Description: Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Phase: Assigned (20050630)
Votes: None (candidate not yet proposed)
Comments

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
95937	13296	CVE-2005-2090	BUGTRAQ:20050606 A new whitepaper by Watchfire - HTTP Request Smuggling	View
95938	13296	CVE-2005-2090	URL:http://seclists.org/lists/bugtraq/2005/Jun/0025.html	View
95939	13296	CVE-2005-2090	BUGTRAQ:20080108 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1	View
95940	13296	CVE-2005-2090	URL:http://www.securityfocus.com/archive/1/archive/1/485938/100/0/threaded	View
95941	13296	CVE-2005-2090	BUGTRAQ:20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)	View
95942	13296	CVE-2005-2090	URL:http://www.securityfocus.com/archive/1/archive/1/500412/100/0/threaded	View
95943	13296	CVE-2005-2090	BUGTRAQ:20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities	View
95944	13296	CVE-2005-2090	URL:http://www.securityfocus.com/archive/1/archive/1/500396/100/0/threaded	View
95945	13296	CVE-2005-2090	MLIST:[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1	View
95946	13296	CVE-2005-2090	URL:http://lists.vmware.com/pipermail/security-announce/2008/000003.html	View
95947	13296	CVE-2005-2090	MISC:http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf	View
95948	13296	CVE-2005-2090	MISC:http://www.securiteam.com/securityreviews/5GP0220G0U.html	View
95949	13296	CVE-2005-2090	CONFIRM:http://tomcat.apache.org/security-4.html	View
95950	13296	CVE-2005-2090	CONFIRM:http://tomcat.apache.org/security-5.html	View
95951	13296	CVE-2005-2090	CONFIRM:http://tomcat.apache.org/security-6.html	View
95952	13296	CVE-2005-2090	CONFIRM:http://docs.info.apple.com/article.html?artnum=306172	View
95953	13296	CVE-2005-2090	CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html	View
95954	13296	CVE-2005-2090	CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm	View
95955	13296	CVE-2005-2090	CONFIRM:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx	View
95956	13296	CVE-2005-2090	CONFIRM:http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540	View
95957	13296	CVE-2005-2090	APPLE:APPLE-SA-2007-07-31	View
95958	13296	CVE-2005-2090	URL:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	View
95959	13296	CVE-2005-2090	HP:HPSBUX02262	View
95960	13296	CVE-2005-2090	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	View
95961	13296	CVE-2005-2090	HP:SSRT071447	View
95962	13296	CVE-2005-2090	URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795	View
95963	13296	CVE-2005-2090	REDHAT:RHSA-2007:0327	View
95964	13296	CVE-2005-2090	URL:http://www.redhat.com/support/errata/RHSA-2007-0327.html	View
95965	13296	CVE-2005-2090	REDHAT:RHSA-2007:0360	View
95966	13296	CVE-2005-2090	URL:http://www.redhat.com/support/errata/RHSA-2007-0360.html	View
95967	13296	CVE-2005-2090	REDHAT:RHSA-2008:0261	View
95968	13296	CVE-2005-2090	URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html	View
95969	13296	CVE-2005-2090	SUNALERT:239312	View
95970	13296	CVE-2005-2090	URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	View
95971	13296	CVE-2005-2090	SUSE:SUSE-SR:2008:005	View
95972	13296	CVE-2005-2090	URL:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	View
95973	13296	CVE-2005-2090	BID:25159	View
95974	13296	CVE-2005-2090	URL:http://www.securityfocus.com/bid/25159	View
95975	13296	CVE-2005-2090	BID:13873	View
95976	13296	CVE-2005-2090	URL:http://www.securityfocus.com/bid/13873	View
95977	13296	CVE-2005-2090	OVAL:oval:org.mitre.oval:def:10499	View
95978	13296	CVE-2005-2090	URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10499	View
95979	13296	CVE-2005-2090	VUPEN:ADV-2007-2732	View
95980	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2007/2732	View
95981	13296	CVE-2005-2090	VUPEN:ADV-2007-3087	View
95982	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2007/3087	View
95983	13296	CVE-2005-2090	VUPEN:ADV-2007-3386	View
95984	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2007/3386	View
95985	13296	CVE-2005-2090	VUPEN:ADV-2008-0065	View
95986	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2008/0065	View
95987	13296	CVE-2005-2090	VUPEN:ADV-2008-1979	View
95988	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2008/1979/references	View
95989	13296	CVE-2005-2090	VUPEN:ADV-2009-0233	View
95990	13296	CVE-2005-2090	URL:http://www.vupen.com/english/advisories/2009/0233	View
95991	13296	CVE-2005-2090	SECTRACK:1014365	View
95992	13296	CVE-2005-2090	URL:http://securitytracker.com/id?1014365	View
95993	13296	CVE-2005-2090	SECUNIA:26235	View
95994	13296	CVE-2005-2090	URL:http://secunia.com/advisories/26235	View
95995	13296	CVE-2005-2090	SECUNIA:26660	View
95996	13296	CVE-2005-2090	URL:http://secunia.com/advisories/26660	View
95997	13296	CVE-2005-2090	SECUNIA:27037	View
95998	13296	CVE-2005-2090	URL:http://secunia.com/advisories/27037	View
95999	13296	CVE-2005-2090	SECUNIA:28365	View
96000	13296	CVE-2005-2090	URL:http://secunia.com/advisories/28365	View
96001	13296	CVE-2005-2090	SECUNIA:29242	View
96002	13296	CVE-2005-2090	URL:http://secunia.com/advisories/29242	View
96003	13296	CVE-2005-2090	SECUNIA:30908	View
96004	13296	CVE-2005-2090	URL:http://secunia.com/advisories/30908	View
96005	13296	CVE-2005-2090	SECUNIA:30899	View
96006	13296	CVE-2005-2090	URL:http://secunia.com/advisories/30899	View
96007	13296	CVE-2005-2090	SECUNIA:33668	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
62364	JVNDB-2005-000566	BEA 製品の Web キャッシュ汚染によるクロスサイトスクリプティングおよび WAF のフィルタリングを回避される脆弱性	------------	CVE-2005-2092	13296	4.3		http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000566.html	View

Message	Memory use
Component initialization	1.39 MB
Controller action start	1.49 MB
Controller render start	2.37 MB
View render complete	2.89 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.67
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	412.80
Event: Controller.beforeRender	5.53
» Processing toolbar data	5.43
Rendering View	20.61
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	19.60
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.58
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.12
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/13296
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/13296
Remote Port	56709
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.154
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.14.45
Http Via	1.1 squid-proxy-5b5d847c96-mw4wx (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Suspectharddos	1
Suspectdos	1
X Dostranslated Ip	216.73.216.154
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.154
Unique Id	aJYOM4cDU_dgIma9WT-ZXwAAAGg
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Suspectharddos	1
Redirect Suspectdos	1
Redirect X Dostranslated Ip	216.73.216.154
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.154
Redirect Unique Id	aJYOM4cDU_dgIma9WT-ZXwAAAGg
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect Suspectharddos	1
Redirect Redirect Suspectdos	1
Redirect Redirect X Dostranslated Ip	216.73.216.154
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.154
Redirect Redirect Unique Id	aJYOM4cDU_dgIma9WT-ZXwAAAGg
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1754664499.5771
Request Time	1754664499

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files