Description
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Remediation
References
Related Vulnerabilities
WordPress Plugin Augmented reality Unspecified Vulnerability (1.2.0)
Moodle CVE-2024-25980 Vulnerability (CVE-2024-25980)
WordPress Plugin WP Accurate Form Data Multiple Vulnerabilities (1.2)
WordPress Plugin Ocean Extra PHP Object Injection (2.0.4)
WordPress Plugin Favicon by RealFaviconGenerator Unspecified Vulnerability (1.2.13)