CVE-2005-3751

Name of the Vulnerable Software and Affected Versions Pound versions prior to 1.9.4

Description The issue allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers. Multiple vulnerabilities in the Pound package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For versions prior to 1.9.4, update to version 1.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP requests with conflicting Content-length and Transfer-encoding headers to minimize the risk of exploitation.