CVE-2005-3751
EPSS 1.8%
Description
HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.
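The conflict named in the description can be checked for at a front end or in log review. The following is an added example, not code from Pound or from this advisory: it flags requests whose body framing two HTTP parsers could read differently, and it goes slightly beyond the Content-Length/Transfer-Encoding pair to cover duplicate or malformed length headers. The function name `framing_findings` and the sample requests are constructed for illustration.

```python
# Added example: flag HTTP/1.x requests whose body framing is ambiguous.

def framing_findings(raw: bytes) -> list:
    """Return reasons to reject the request; an empty list means unambiguous framing."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    findings, cl, te = [], [], []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            findings.append("header line without colon")
            continue
        # Whitespace around the field name lets two parsers disagree on
        # whether the header is present at all.
        if name != name.strip():
            findings.append(f"whitespace in field name {name!r}")
        key = name.strip().lower()
        if key == "content-length":
            cl.extend(v.strip() for v in value.split(","))
        elif key == "transfer-encoding":
            te.extend(v.strip().lower() for v in value.split(","))
    if cl and te:
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        findings.append("conflicting Content-Length values")
    if any(not (v.isascii() and v.isdigit()) for v in cl):
        findings.append("non-numeric Content-Length")
    if te and te[-1] != "chunked":
        findings.append("Transfer-Encoding does not end in chunked")
    return findings

# Constructed sample requests (example.test is a placeholder host).
BASE = b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
SAMPLES = {
    "plain": BASE + b"Content-Length: 5\r\n\r\nhello",
    "cl_te": BASE + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "dup_cl": BASE + b"Content-Length: 5\r\nContent-Length: 7\r\n\r\nhello",
    "ws_name": BASE + b"Transfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, framing_findings(req) or "ok")
```

A request with any finding is one a proxy and its back end may delimit differently, so rejecting it at the edge is the conservative choice.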
How to fix CVE-2005-3751
To remediate CVE-2005-3751, upgrade the affected package to the fixed version listed below.
- Debian/pound: upgrade to 1.9.4-1 or later
Is CVE-2005-3751 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.9.4-1