Description
Microsoft IIS 5.0 and 6.0 allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
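The framing condition described above can be checked on the defensive side before a request is forwarded. The following is an added example, not part of the original advisory or any Microsoft code: it flags a raw HTTP/1.x request head that carries both "Transfer-Encoding: chunked" and Content-Length, and goes slightly beyond the advisory by also flagging conflicting Content-Length values. The function names, finding labels, and sample requests (host `app.example`) are constructed for illustration.

```python
# Added example: detect ambiguous request framing in a raw HTTP/1.x request head.

def parse_headers(raw: bytes):
    """Return [(lowercased_name, value), ...] from the head of a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous header value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            # strip() also normalises "Name : value", which some parsers accept.
            headers.append((name.strip().lower(), value.strip()))
    return headers


def framing_findings(raw: bytes):
    """Return a list of labels describing ambiguous body framing."""
    headers = parse_headers(raw)
    te_values = [v for n, v in headers if n == "transfer-encoding"]
    cl_values = [v for n, v in headers if n == "content-length"]
    # Transfer-Encoding may list several codings, e.g. "gzip, chunked".
    codings = [c.strip().lower() for v in te_values for c in v.split(",") if c.strip()]
    findings = []
    if "chunked" in codings and cl_values:
        findings.append("te-chunked-with-content-length")
    if len(set(cl_values)) > 1:
        findings.append("conflicting-content-length")
    return findings


# Constructed sample requests (bodies are self-consistent; only headers matter here).
SAMPLE_BOTH = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
               b"Content-Length: 15\r\nTransfer-Encoding: chunked\r\n\r\n"
               b"5\r\nhello\r\n0\r\n\r\n")
SAMPLE_CL_ONLY = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
                  b"Content-Length: 5\r\n\r\nhello")
SAMPLE_MIXED_CASE = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
                     b"content-length: 15\r\nTRANSFER-ENCODING: gzip, Chunked\r\n\r\n")
SAMPLE_TWO_CL = (b"POST /form HTTP/1.1\r\nHost: app.example\r\n"
                 b"Content-Length: 5\r\nContent-Length: 7\r\n\r\nhello")

if __name__ == "__main__":
    for sample in (SAMPLE_BOTH, SAMPLE_CL_ONLY, SAMPLE_MIXED_CASE, SAMPLE_TWO_CL):
        print(framing_findings(sample))
```

A front-end proxy or WAF rule that rejects any request with a non-empty result avoids forwarding a body that the next server might frame differently.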
Remediation
References