DescriptionHTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SR:2006:011, published Fri, 19 May 2006 16:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE LINUX 10.0|| |
|SUSE LINUX 9.2|| |
|SUSE LINUX 9.3|| |