Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities

Bugtraq ID: 13873
Class: Input Validation Error
CVE: CVE-2005-2090
Remote: Yes
Local: No
Published: Jun 06 2005 12:00AM
Updated: Aug 05 2010 08:45PM
Credit: Discovery of these issues is credited to Chaim Linhart, Amit Klein, Ronen Heled, and Steve Orrin of Watchfire.
Vulnerable: VMWare VirtualCenter Management Server 2
VMWare ESX Server 3.0.2
VMWare ESX Server 3.0.1
SuSE SUSE Linux Enterprise Server 9 SP3
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise SDK 10 SP1
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise Desktop 10 SP1
SuSE SUSE Linux Enterprise Desktop 10
SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO
SuSE openSUSE 10.3
SuSE Linux Professional 10.2 x86_64
SuSE Linux Personal 10.2 x86_64
Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 10_x86
Sun Solaris 10_sparc
Sun ONE Web Server 6.1 SP4
Sun ONE Web Server 6.1 SP2
Sun ONE Web Server 6.1 SP1
Sun ONE Web Server 6.1
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SuSE Linux Open-Xchange 4.1
S.u.S.E. openSUSE 10.2
S.u.S.E. openSUSE 10.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Office Server
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Desktop 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
RedHat Network Satellite (for RHEL 4) 4.2
RedHat Enterprise Linux Virtualization 5 server
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux Hardware Certification 5
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop Multi OS 5 client
RedHat Certificate Server 7.3
Red Hat Red Hat Network Satellite Server 5.0
Red Hat Red Hat Network Satellite Server 4.2
Red Hat Red Hat Network Satellite Server 4.1
Red Hat Red Hat Network Satellite Server 4.0
Red Hat Network Satellite (for RHEL 3) 4.2
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux Desktop Supplementary 5 client
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Oracle9i Application Server Web Cache 9.0.2.3
Oracle Oracle9i Application Server Web Cache 9.0.2.2
+ Oracle iStore 11i 11i.IBE.O
Oracle Oracle9i Application Server 9.0.2
Novell ZENworks Linux Management 7.3
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
IBM Websphere Application Server 5.1.1.3
IBM Websphere Application Server 5.1.1.2
IBM Websphere Application Server 5.1.1.1
IBM Websphere Application Server 5.1.1
IBM Websphere Application Server 5.1.0.5
IBM Websphere Application Server 5.1.0.4
IBM Websphere Application Server 5.1.0.3
IBM Websphere Application Server 5.1.0.2
IBM Websphere Application Server 5.1
IBM Websphere Application Server 5.0.2.9
IBM Websphere Application Server 5.0.2.8
IBM Websphere Application Server 5.0.2.7
IBM Websphere Application Server 5.0.2.6
IBM Websphere Application Server 5.0.2.5
IBM Websphere Application Server 5.0.2.4
IBM Websphere Application Server 5.0.2.3
IBM Websphere Application Server 5.0.2.2
IBM Websphere Application Server 5.0.2.10
IBM Websphere Application Server 5.0.2.1
IBM Websphere Application Server 5.0.2
IBM Websphere Application Server 5.0.1
IBM Websphere Application Server 5.0
DeleGate DeleGate 8.11.1
DeleGate DeleGate 8.11
DeleGate DeleGate 8.10.6
DeleGate DeleGate 8.10.5
DeleGate DeleGate 8.10.4
DeleGate DeleGate 8.10.3
DeleGate DeleGate 8.10.2
DeleGate DeleGate 8.10.1
DeleGate DeleGate 8.10
DeleGate DeleGate 8.9.6
DeleGate DeleGate 8.9.5
DeleGate DeleGate 8.9.4
DeleGate DeleGate 8.9.3
DeleGate DeleGate 8.9.2
DeleGate DeleGate 8.9.1
DeleGate DeleGate 8.9
Computer Associates Unicenter Service Desk 11.2
Computer Associates Cohesion Application Configuration Manager 4.5
Computer Associates CMDB 11.1
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems WebLogic Express 8.1 SP 1
Avaya Aura Application Enablement Services 4.0
Avaya Aura Application Enablement Services 3.1
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apache Software Foundation Tomcat 5.0.30
Apache Software Foundation Tomcat 5.0.19
Apache Software Foundation Tomcat 5.0
Apache Software Foundation Tomcat 4.1.24
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Not Vulnerable: Computer Associates Cohesion Application Configuration Manager 4.5 SP1


 

Copyright 2010, SecurityFocus