Pound is vulnerable to HTTP request smuggling, which could be exploited to bypass security restrictions or poison web caches.
Package | www-servers/pound on all architectures |
---|---|
Affected versions | < 2.0.5 |
Unaffected versions | >= 2.0.5 revision >= 1.10 revision >= 1.9.4 |
Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly.
Pound fails to handle HTTP requests with conflicting "Content-Length" and "Transfer-Encoding" headers correctly.
An attacker could exploit this vulnerability by sending HTTP requests with specially crafted "Content-Length" and "Transfer-Encoding" headers to bypass certain security restrictions or to poison the web proxy cache.
There is no known workaround at this time.
All Pound users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose www-servers/pound
Release date
June 07, 2006
Latest revision
November 24, 2006: 03
Severity
low
Exploitable
remote
Bugzilla entries