Lucene search
+L

3652 matches found

Cvelist
Cvelist
added 2005/06/30 4:0 a.m.34 views

CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the bo...

6.1AI score0.3097EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.36 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

3.6AI score0.29784EPSS
Exploits4References49
CVE
CVE
added 2005/06/30 4:0 a.m.63 views

CVE-2005-2091

CVE-2005-2091 affects IBM WebSphere 5.0/5.1. The vulnerability arises from how WebSphere handles HTTP requests that include both Transfer-Encoding: chunked and a Content-Length header, causing the body to be forwarded in a way that can be treated as a separate HTTP request. This enables remote at...

4.3CVSS6.2AI score0.01515EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2005/06/30 4:0 a.m.36 views

CVE-2005-2092

The CVE-2005-2092 entry describes a vulnerability in BEA Systems WebLogic 8.1 SP1 where a crafted HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header causes WebLogic to mis-handle the request body, leading to HTTP Request Smuggling. This can allow remote attacke...

4.3CVSS6.4AI score0.01515EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2005/06/30 4:0 a.m.70 views

CVE-2005-2094

Sun SunONE web server 6.1 SP1 is affected by CVE-2005-2094. The vulnerability arises in HTTP request processing when a request contains both Transfer-Encoding: chunked and Content-Length headers, leading SunONE to mishandle and forward the request body as if it were a separate HTTP request. This ...

4.3CVSS6.4AI score0.0142EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.32 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...

6.1AI score0.01515EPSS
Exploits1References5
CVE
CVE
added 2005/06/30 4:0 a.m.132 views

CVE-2005-2088

The CVE-2005-2088 vulnerability affects the Apache HTTP Server when acting as an HTTP proxy. Specifically, versions before 1.3.34 and 2.0.x before 2.0.55 are susceptible. The issue arises from handling a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be...

4.3CVSS5.8AI score0.20461EPSS
Exploits1References59Affected Software1
CVE
CVE
added 2005/06/30 4:0 a.m.260 views

CVE-2005-2090

CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...

4.3CVSS3.6AI score0.29784EPSS
Exploits4References49Affected Software1
Positive Technologies
Positive Technologies
added 2005/06/30 12:0 a.m.8 views

PT-2005-3031 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 5.0 through 6.0 Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked head...

4.3CVSS6AI score0.3097EPSS
Exploits0References7
Symantec
Symantec
added 2005/06/14 12:0 a.m.24 views

Microsoft ISA Server HTTP Request Smuggling Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is reported prone to a HTTP request smuggling attack. The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header. A remo...

0.4AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/05/19 12:0 a.m.31 views

Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)

Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...

7.5CVSS5.4AI score0.50775EPSS
Exploits0References5
CERT
CERT
added 2005/02/04 12:0 a.m.69 views

Single crafted HTTP request may result in multiple responses

Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...

4.3CVSS3.2AI score0.29784EPSS
Exploits4References4
Rows per page
Query Builder