Description
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Remediation
References
Related Vulnerabilities
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2014-0118)
WordPress Plugin Yet Another bol.com Cross-Site Scripting (1.4)
WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)
WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.5)