Lucene search
K

3636 matches found

CVE
CVE
added 2005/06/30 4:0 a.m.69 views

CVE-2005-2094

Sun SunONE web server 6.1 SP1 is affected by CVE-2005-2094. The vulnerability arises in HTTP request processing when a request contains both Transfer-Encoding: chunked and Content-Length headers, leading SunONE to mishandle and forward the request body as if it were a separate HTTP request. This ...

4.3CVSS6.4AI score0.0142EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2005/06/30 4:0 a.m.131 views

CVE-2005-2088

The CVE-2005-2088 vulnerability affects the Apache HTTP Server when acting as an HTTP proxy. Specifically, versions before 1.3.34 and 2.0.x before 2.0.55 are susceptible. The issue arises from handling a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be...

4.3CVSS5.8AI score0.20461EPSS
Exploits1References59Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.21 views

CVE-2005-2091

IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle an...

6AI score0.01515EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.30 views

CVE-2005-2093

Oracle 9i Application Server Oracle9iAS 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to...

8.9AI score0.04945EPSS
Exploits1References4
CVE
CVE
added 2005/06/30 4:0 a.m.36 views

CVE-2005-2092

The CVE-2005-2092 entry describes a vulnerability in BEA Systems WebLogic 8.1 SP1 where a crafted HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header causes WebLogic to mis-handle the request body, leading to HTTP Request Smuggling. This can allow remote attacke...

4.3CVSS6.4AI score0.01515EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.31 views

CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Lengt...

9.1AI score0.20461EPSS
Exploits1References59
CVE
CVE
added 2005/06/30 4:0 a.m.63 views

CVE-2005-2091

CVE-2005-2091 affects IBM WebSphere 5.0/5.1. The vulnerability arises from how WebSphere handles HTTP requests that include both Transfer-Encoding: chunked and a Content-Length header, causing the body to be forwarded in a way that can be treated as a separate HTTP request. This enables remote at...

4.3CVSS6.2AI score0.01515EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.35 views

CVE-2005-2090

Jakarta Tomcat 5.0.19 Coyote/1.1 and Tomcat 4.1.24 Coyote/1.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat t...

3.6AI score0.29784EPSS
Exploits4References49
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.31 views

CVE-2005-2092

BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...

6.1AI score0.01515EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.24 views

CVE-2005-2094

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward...

6.1AI score0.0142EPSS
Exploits0References5
Cvelist
Cvelist
added 2005/06/30 4:0 a.m.33 views

CVE-2005-2089

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the bo...

6.1AI score0.3097EPSS
Exploits0References4
CVE
CVE
added 2005/06/30 4:0 a.m.258 views

CVE-2005-2090

CVE-2005-2090 affects Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0): it enables HTTP Request Smuggling via a request containing both Transfer-Encoding: chunked and Content-Length, causing the body to be mis‑interpreted and processed as a new request. This issue is noted to hav...

4.3CVSS3.6AI score0.29784EPSS
Exploits4References49Affected Software1
Positive Technologies
Positive Technologies
added 2005/06/30 12:0 a.m.5 views

PT-2005-3031 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 5.0 through 6.0 Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a Transfer-Encoding: chunked head...

4.3CVSS6AI score0.3097EPSS
Exploits0References7
Symantec
Symantec
added 2005/06/14 12:0 a.m.23 views

Microsoft ISA Server HTTP Request Smuggling Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is reported prone to a HTTP request smuggling attack. The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header. A remo...

0.4AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/05/19 12:0 a.m.31 views

Fedora Core 3 : squid-2.5.STABLE9-1.FC3.6 (2005-373)

Mon May 16 2005 Jay Fenlason 7:2.5.STABLE9-1.FC3.6 - More upstream patches, including ones for bz157456 CVE-2005-1519 DNS lookups unreliable on untrusted networks bz156162 CVE-1999-0710 cachemgr.cgi access control bypass - The following bugs had already been fixed, but the announcements were lost...

7.5CVSS5.4AI score0.50775EPSS
Exploits0References5
CERT
CERT
added 2005/02/04 12:0 a.m.68 views

Single crafted HTTP request may result in multiple responses

Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...

4.3CVSS3.2AI score0.29784EPSS
Exploits4References4
Rows per page
Query Builder