Description

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Remediation

References

CVE-2005-2089

Related Vulnerabilities

Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831)

WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29425)

OpenSSL Other Vulnerability (CVE-2014-0198)

MySQL Improper Authentication Vulnerability (CVE-2012-2122)

Severity

Medium

Classification

CVE-2005-2089

Tags

Missing Update Known Vulnerabilities