Potential Security Vulnerability with Apache 2.15 and earlier
This document (3222109) is provided subject to the disclaimer at the end of this document.
SuSe Linux Enterprise Server 9
Apache is prone to an HTTP request smuggling attack.
On SLES 9 More information about the fix may be found at:
It is possible that this attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks.
This issue was originally described in CAN-2005-2088 (Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities). Due to the availability of more details and vendor confirmation, it is being assigned a new BID.
Note this defect has been resolved in an upcoming release of Apache for NetWare. Further information about this defect indicates the following:
The Apache Project has already submitted a fix for this issue
that will be released in version 2.0.55 of the httpd web server.
The ASF's policy toward vulnerabilities is that they try to patch
and release an update even before the vulnerability has been
announced. The fact that a patch as been committed to the
2.0.55-dev code base and the ASF seems to not be in a hurry to
release 2.0.55, indicates that this vulnerability is very
Formerly known as TID# 10098469
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:3222109
- Creation Date:21-NOV-06
- Modified Date:27-APR-12
- SUSESUSE Linux Enterprise Server
Did this document solve your problem? Provide Feedback