RHSA-2005:582 - Security Advisory
Watchfire reported a flaw that occured when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a "Content-Length" header. This caused Apache to incorrectly handle and forward the body of the request in a way that the receiving server processes it as a separate HTTP request. This could allow the bypass of Web application firewall rotection or lead to cross-site scripting (XSS) attacks. The Common ulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-005-2088 to this issue.
Facebook
Twitter
