SuSe Linux Enterprise Server 9
Apache is prone to an HTTP request smuggling attack.
On SLES 9 More information about the fix may be found at:
It is possible that this attack may result in cache poisoning, cross-site scripting, session hijacking and other attacks.
This issue was originally described in CAN-2005-2088 (Multiple Vendor Multiple HTTP Request Smuggling Vulnerabilities). Due to the availability of more details and vendor confirmation, it is being assigned a new BID.
Note this defect has been resolved in an upcoming release of Apache for NetWare. Further information about this defect indicates the following:
The Apache Project has already submitted a fix for this issue
that will be released in version 2.0.55 of the httpd web server.
The ASF's policy toward vulnerabilities is that they try to patch
and release an update even before the vulnerability has been
announced. The fact that a patch as been committed to the
2.0.55-dev code base and the ASF seems to not be in a hurry to
release 2.0.55, indicates that this vulnerability is very
Formerly known as TID# 10098469