873 matches found
CVE-2005-2090
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...
CVE-2005-2091
IBM WebSphere 5.1 and WebSphere 5.0 allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle an...
CVE-2005-2089
Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the bo...
CVE-2005-2092
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...
DEBIAN-CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
CVE-2005-2088
The CVE-2005-2088 vulnerability affects the Apache HTTP Server when acting as an HTTP proxy. Specifically, versions before 1.3.34 and 2.0.x before 2.0.55 are susceptible. The issue arises from handling a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be...
CVE-2005-2090
CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...
CVE-2005-2092
The CVE-2005-2092 entry describes a vulnerability in BEA Systems WebLogic 8.1 SP1 where a crafted HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header causes WebLogic to mis-handle the request body, leading to HTTP Request Smuggling. This can allow remote attacke...
CVE-2005-2093
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to...
CVE-2005-2088
The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...
CVE-2005-2065
Affected product: ASP Nuke 0.80 (language_select.asp). Vulnerability: HTTP response splitting via CRLF ("%0d%0a") in the LangCode parameter. Impact (as stated): remote attackers can spoof web content and poison web caches. Root cause: the untrusted LangCode parameter is handled unsafely, allowing CRLF sequences....
CVE-2005-1405
CVE-2005-1405 affects Lotus Domino 6.5.x (before 6.5.4) and 6.0.x (before 6.0.5). The vulnerability is an HTTP response splitting flaw in the @SetHTTPHeader function, enabling attackers to poison the web cache through malicious applications. The provided sources describe the issue and affected ve...
CVE-2005-1405
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications...
CVE-2005-0049
Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 do not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache...
Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass
The version of Oracle HTTP Server (OHS) installed on the remote host fails to prevent users from accessing protected URLs by using the Web Cache rather than OHS directly. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(18181); script_version("1.17");...
Oracle Application Server Web Cache OHS mod_access Authentication Bypass
Binary data 2866.prm...
CVE-2005-1180
Technical details about CVE-2005-1180 are not publicly provided in the supplied connected documents. The records here restate the vulnerability description without additional specifics on affected versions, fixes, or exploit information. Monitor for updates.