CVE-2005-2088

Name of the Vulnerable Software and Affected Versions: Apache HTTP server versions 1.3.x through 1.3.33 Apache HTTP server versions 2.0.x through 2.0.54

Description: A flaw occurs when using the Apache server as an HTTP proxy. A remote attacker could send an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request. This could allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks.

Recommendations: For Apache HTTP server versions 1.3.x through 1.3.33, update to version 1.3.34 or later. For Apache HTTP server versions 2.0.x through 2.0.54, update to version 2.0.55 or later. As a temporary workaround, consider disabling the HTTP proxy functionality until a patch is available. Restrict access to the HTTP proxy module to minimize the risk of exploitation.