Description

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Remediation

References

CVE-2005-2090

Related Vulnerabilities

WordPress Plugin BSK PDF Manager Multiple Cross-Site Scripting Vulnerabilities (1.3)

Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39582)

Oracle JRE CVE-2013-2431 Vulnerability (CVE-2013-2431)

WordPress 3.7.x Denial of Service Vulnerability (3.7 - 3.7.25)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2324)

Severity

Medium

Classification

CVE-2005-2090

Tags

Missing Update Known Vulnerabilities