Red Hat Customer Portal

CVE-2005-2090

Impact: Moderate
Public Date: 2005-06-06
Bugzilla: 237079: CVE-2005-2090 tomcat multiple content-length header poisoning

The MITRE CVE dictionary describes this issue as:

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Find out more about CVE-2005-2090 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (jbossas-ejb3) | RHSA-2007:0360 | 2007-05-24 |
| Red Hat Certificate System 7.3 for 4AS (xml-commons) | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2007:0328 | 2007-05-24 |
| Red Hat Satellite v 4.1 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0261 | 2008-05-20 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.2 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.0 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite 5.0 (RHEL v.4 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Satellite v 4.2 (RHEL v.4 AS) (tomcat5) | RHSA-2008:0524 | 2008-06-30 |
| Red Hat Satellite v 4.0 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2007:0327 | 2007-05-14 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2007:0326 | 2007-05-21 |
| Red Hat Application Server 3AS (tomcat5) | RHSA-2007:0340 | 2007-05-08 |
| Red Hat Satellite v 4.1 (RHEL v.3 AS) (tyrex) | RHSA-2007:1069 | 2007-11-26 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux version 5 | tomcat5 5.5.23-0jpp.1.0.3.el5 | Fixed |
| Red Hat Enterprise Linux version 5 | jakarta-commons-modeler 1.1-8jpp.1.0.2.el5 | Fixed |