Description

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Remediation

References

CVE-2005-2089

Related Vulnerabilities

WordPress 6.1.x Multiple Vulnerabilities (6.1 - 6.1.1)

MySQL CVE-2014-2438 Vulnerability (CVE-2014-2438)

MySQL CVE-2023-21982 Vulnerability (CVE-2023-21982)

WordPress Plugin Shared Files-Easy Download Manager and File Sharing with Frontend File Upload Cross-Site Scripting (1.6.60)

Joomla! Core 1.6.0 Multiple Vulnerabilities (1.6.0)

Severity

Medium

Classification

CVE-2005-2089

Tags

Missing Update Known Vulnerabilities