Lucene search

[email protected]CVE-2005-2094

HistoryJul 05, 2005 - 4:00 a.m.

CVE-2005-2094

2005-07-0504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sunone

web server

vulnerability

http request smuggling

security

xss

firewall protection

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.348 Low

EPSS

Percentile

97.1%

JSON

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”

CPENameOperatorVersion
sun:one_web_serversun one web servereq6.1

CPE	Name	Operator	Version
sun:one_web_server	sun one web server	eq	6.1

References

seclists.org/lists/bugtraq/2005/Jun/0025.html

securitytracker.com/id?1014369

www.securiteam.com/securityreviews/5GP0220G0U.html

www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/42903

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.348 Low

EPSS

Percentile

97.1%

JSON

Related for CVE-2005-2094

cvelist1