Search for vulnerabilities
Vulnerability details: VCID-hp9s-1hfz-hycw
Vulnerability ID VCID-hp9s-1hfz-hycw
Aliases CVE-2005-2088
Summary A flaw occured when using the Apache server as a HTTP proxy. A remote attacker could send a HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, causing Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request. This could allow the bypass of web application firewall protection or lead to cross-site scripting (XSS) attacks.
Status Published
Exploitability 2.0
Weighted Severity 4.8
Risk 9.6
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.60492 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.60492 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.69884 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.69884 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
epss 0.82742 https://api.first.org/data/v1/epss?cve=CVE-2005-2088
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2005-2088.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2088.json
https://api.first.org/data/v1/epss?cve=CVE-2005-2088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2088
1617682 https://bugzilla.redhat.com/show_bug.cgi?id=1617682
316173 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316173
CVE-2005-2088 https://httpd.apache.org/security/json/CVE-2005-2088.json
RHSA-2005:582 https://access.redhat.com/errata/RHSA-2005:582
USN-160-1 https://usn.ubuntu.com/160-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98248
EPSS Score 0.60492
Published At Sept. 23, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:43.047141+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2005-2088.json 37.0.0