Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities

Bugtraq ID:	13873
Class:	Input Validation Error
CVE:	CVE-2005-2090
Remote:	Yes
Local:	No
Published:	Jun 06 2005 12:00AM
Updated:	Jan 26 2009 11:19PM
Credit:	Discovery of these issues is credited to Chaim Linhart, Amit Klein, Ronen Heled, and Steve Orrin of Watchfire.
Vulnerable:	VMWare VirtualCenter Management Server 2 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 Sun Solaris 9_x86 Sun Solaris 9_sparc Sun Solaris 9 Sun Solaris 10_x86 Sun Solaris 10_sparc Sun Solaris 10 Sun ONE Web Server 6.1 SP4 Sun ONE Web Server 6.1 SP2 Sun ONE Web Server 6.1 SP1 Sun ONE Web Server 6.1 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SUSE Linux Enterprise 10 SP1 DEBUGINFO S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 SP1 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc RedHat Red Hat Network Satellite Server 5.0 RedHat Red Hat Network Satellite Server 4.2 RedHat Red Hat Network Satellite Server 4.1 RedHat Red Hat Network Satellite Server 4.0 RedHat Network Satellite (for RHEL 4) 4.2 RedHat Enterprise Linux Virtualization 5 server RedHat Enterprise Linux Supplementary 5 server RedHat Enterprise Linux Optional Productivity Application 5 server RedHat Enterprise Linux Hardware Certification 5 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop Supplementary 5 client RedHat Enterprise Linux Desktop Multi OS 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux 5 server RedHat Network Satellite (for RHEL 3) 4.2 Oracle Oracle9i Application Server Web Cache 9.0.2 .3 Oracle Oracle9i Application Server Web Cache 9.0.2 .2 + Oracle iStore 11i 11i.IBE.O Oracle Oracle9i Application Server 9.0.2 Microsoft IIS 6.0 + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition Microsoft IIS 5.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Server IBM Websphere Application Server 5.1.1 .3 IBM Websphere Application Server 5.1.1 .2 IBM Websphere Application Server 5.1.1 .1 IBM Websphere Application Server 5.1.1 IBM Websphere Application Server 5.1 .0.5 IBM Websphere Application Server 5.1 .0.4 IBM Websphere Application Server 5.1 .0.3 IBM Websphere Application Server 5.1 .0.2 IBM Websphere Application Server 5.1 IBM Websphere Application Server 5.0.2 .9 IBM Websphere Application Server 5.0.2 .8 IBM Websphere Application Server 5.0.2 .7 IBM Websphere Application Server 5.0.2 .6 IBM Websphere Application Server 5.0.2 .5 IBM Websphere Application Server 5.0.2 .4 IBM Websphere Application Server 5.0.2 .3 IBM Websphere Application Server 5.0.2 .2 IBM Websphere Application Server 5.0.2 .10 IBM Websphere Application Server 5.0.2 .1 IBM Websphere Application Server 5.0.2 IBM Websphere Application Server 5.0.1 IBM Websphere Application Server 5.0 DeleGate DeleGate 8.11.1 DeleGate DeleGate 8.11 DeleGate DeleGate 8.10.6 DeleGate DeleGate 8.10.5 DeleGate DeleGate 8.10.4 DeleGate DeleGate 8.10.3 DeleGate DeleGate 8.10.2 DeleGate DeleGate 8.10.1 DeleGate DeleGate 8.10 DeleGate DeleGate 8.9.6 DeleGate DeleGate 8.9.5 DeleGate DeleGate 8.9.4 DeleGate DeleGate 8.9.3 DeleGate DeleGate 8.9.2 DeleGate DeleGate 8.9.1 DeleGate DeleGate 8.9 Computer Associates Unicenter Service Desk 11.2 Computer Associates Cohesion Application Configuration Manager 4.5 Computer Associates CMDB 11.1 BEA Systems Weblogic Server 8.1 SP 1 BEA Systems WebLogic Express 8.1 SP 1 Avaya AES 4.0 Avaya AES 3.1 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apache Software Foundation Tomcat 5.0.30 Apache Software Foundation Tomcat 5.0.19 Apache Software Foundation Tomcat 5.0 Apache Software Foundation Tomcat 4.1.24 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 Apache Software Foundation Apache 2.0.51 Apache Software Foundation Apache 2.0.50 Apache Software Foundation Apache 2.0.49 + S.u.S.E. Linux Personal 9.1 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.48 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux Personal 9.0 x86_64 + S.u.S.E. Linux Personal 9.0 + S.u.S.E. Linux Personal 8.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Apache Software Foundation Apache 2.0.47 Apache Software Foundation Apache 2.0.46 Apache Software Foundation Apache 2.0.45 Apache Software Foundation Apache 1.3.29 + Apple Mac OS X 10.3.5 + Apple Mac OS X 10.2.7 + Apple Mac OS X Server 10.3.5 + Apple Mac OS X Server 10.2.7 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + OpenPKG OpenPKG 2.0

Not Vulnerable:	Computer Associates Cohesion Application Configuration Manager 4.5 SP1