Vulnerability details: VCID-6epr-2hbd-skcz
Vulnerability ID VCID-6epr-2hbd-skcz
Aliases CVE-2005-2090
GHSA-f2gq-p6qv-ccw4
Summary Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request that carries both a "Transfer-Encoding: chunked" header and a Content-Length header. Tomcat mishandles the conflicting body framing and forwards the request body such that the receiving server treats part of it as a separate HTTP request, aka "HTTP Request Smuggling."
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
generic_textual MODERATE http://docs.info.apple.com/article.html?artnum=306172
generic_textual MODERATE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
generic_textual MODERATE http://lists.vmware.com/pipermail/security-announce/2008/000003.html
epss 0.81971 https://api.first.org/data/v1/epss?cve=CVE-2005-2090
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
generic_textual MODERATE http://seclists.org/lists/bugtraq/2005/Jun/0025.html
generic_textual MODERATE http://securitytracker.com/id?1014365
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-f2gq-p6qv-ccw4
generic_textual MODERATE https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2005-2090
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2005-2090
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
generic_textual MODERATE http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
generic_textual MODERATE http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
generic_textual MODERATE http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
generic_textual MODERATE http://tomcat.apache.org/security-4.html
generic_textual MODERATE http://tomcat.apache.org/security-5.html
generic_textual MODERATE http://tomcat.apache.org/security-6.html
generic_textual MODERATE http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0327.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2007-0360.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2008-0261.html
generic_textual MODERATE http://www.securiteam.com/securityreviews/5GP0220G0U.html
generic_textual MODERATE http://www.securityfocus.com/archive/1/485938/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/500396/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/500412/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/13873
generic_textual MODERATE http://www.securityfocus.com/bid/25159
Reference id Reference type URL
http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2008/000003.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2090.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2090
http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://secunia.com/advisories/26235
http://secunia.com/advisories/26660
http://secunia.com/advisories/27037
http://secunia.com/advisories/28365
http://secunia.com/advisories/29242
http://secunia.com/advisories/30899
http://secunia.com/advisories/30908
http://secunia.com/advisories/33668
http://securitytracker.com/id?1014365
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10499
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm
http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
http://www.redhat.com/support/errata/RHSA-2007-0327.html
http://www.redhat.com/support/errata/RHSA-2007-0360.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.securityfocus.com/archive/1/485938/100/0/threaded
http://www.securityfocus.com/archive/1/500396/100/0/threaded
http://www.securityfocus.com/archive/1/500412/100/0/threaded
http://www.securityfocus.com/bid/13873
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3087
http://www.vupen.com/english/advisories/2007/3386
http://www.vupen.com/english/advisories/2008/0065
http://www.vupen.com/english/advisories/2008/1979/references
http://www.vupen.com/english/advisories/2009/0233
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
237079 https://bugzilla.redhat.com/show_bug.cgi?id=237079
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*
CVE-2005-2090 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090
CVE-2005-2090 https://nvd.nist.gov/vuln/detail/CVE-2005-2090
GHSA-f2gq-p6qv-ccw4 https://github.com/advisories/GHSA-f2gq-p6qv-ccw4
RHSA-2007:0360 https://access.redhat.com/errata/RHSA-2007:0360
RHSA-2007:1069 https://access.redhat.com/errata/RHSA-2007:1069
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2005-2090
Decoded CVSS v2 metrics for the vector above:
Exploitability (E): not_defined (temporal metric; not included in the vector)
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): none
Integrity Impact (I): partial
Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.99196
EPSS Score 0.81971
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:17.995408+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-6.html 38.0.0