|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-05] Pound: HTTP request smuggling Vulnerability Scan
Vulnerability Scan Summary Pound: HTTP request smuggling
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-05
(Pound: HTTP request smuggling)
Pound fails to handle HTTP requests with conflicting
"Content-Length" and "Transfer-Encoding" headers correctly.
Impact
A possible hacker could exploit this vulnerability by sending HTTP
requests with specially crafted "Content-Length" and
"Transfer-Encoding" headers to bypass certain security restrictions or
to poison the web proxy cache.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3751
Solution:
All Pound users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/pound-2.0.5"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|