Joined: 12 May 2004
|Posted: Wed Jun 07, 2006 8:26 pm Post subject: [ GLSA 200606-05 ] Pound: HTTP request smuggling
|Gentoo Linux Security Advisory
Title: Pound: HTTP request smuggling (GLSA 200606-05)
Date: June 07, 2006
Updated: November 24, 2006
Pound is vulnerable to HTTP request smuggling, which could be exploited to bypass security restrictions or poison web caches.
Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly.
Vulnerable: < 2.0.5
Unaffected: >= 2.0.5
Unaffected: >= 1.10 < 1.11
Unaffected: >= 1.9.4 < 1.9.5
Architectures: All supported architectures
Pound fails to handle HTTP requests with conflicting "Content-Length" and "Transfer-Encoding" headers correctly.
An attacker could exploit this vulnerability by sending HTTP requests with specially crafted "Content-Length" and "Transfer-Encoding" headers to bypass certain security restrictions or to poison the web proxy cache.
There is no known workaround at this time.
All Pound users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose www-servers/pound
Last edited by GLSA on Sat Nov 25, 2006 4:17 am; edited 4 times in total