Lucene search

[email protected]CVE-2005-2092

HistoryJul 05, 2005 - 4:00 a.m.

CVE-2005-2092

2005-07-0504:00:00

[email protected]

web.nvd.nist.gov

bea systems

weblogic

8.1 sp1

vulnerability

http request smuggling

xss attacks

web cache

web application firewall

nvd

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.087 Low

EPSS

Percentile

94.5%

JSON

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”

Affected configurations

NVD

Node

beaweblogic_serverMatch8.1sp1

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1

References

seclists.org/lists/bugtraq/2005/Jun/0025.html

securitytracker.com/id?1014366

www.securiteam.com/securityreviews/5GP0220G0U.html

www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/42901

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.087 Low

EPSS

Percentile

94.5%

JSON

Related for CVE-2005-2092

cvelist1 nvd1