Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache Request Smuggling Vulnerability Found

Posted by CowboyNeal on Thursday July 7, 2005 @07:41PM from the web-jacking dept.

An anonymous reader writes "Whitedust is reporting on a HTTP request smuggling vulnerability in Apache. The flaw apparently allows attackers to piggy back valid HTTP requests over the 'Content-Length:' header, which can result in cache poisoning, cross-site scripting, session hijacking and other various kinds of attack. This flaw affects most of the 2.0.x branch of Apache's HTTPD server."

2 of 168 comments (clear)

Min score:

Reason:

Sort:

I don't get it.. by Anonymous Coward · 2005-07-07 20:13 · Score: 0, Flamebait

Why is this slashdot material?

It is old news, and if someone has an interest in security they should subscribe to the relevant lists. /AC
Maybe you should stop making your life difficult? by Some+Random+Username · 2005-07-08 07:39 · Score: 0, Flamebait

Why the hell do you have 300 non-stock versions of apache on 3 or 4 different platforms? Apache is apache on whatever platform, pick one and use it. And apache supports modules you know, you don't need to compile a custom apache all the time, it just makes life difficult for no reason.