CVE-2005-2094

Published: Jul 5, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Affected (1)

Products: Sun: One Web Server

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun One Web Server	Version 6.1 sp1

References (10)

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

Source: cve@mitre.org

http://securitytracker.com/id?1014369

Source: cve@mitre.org

http://www.securiteam.com/securityreviews/5GP0220G0U.html

Source: cve@mitre.org

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42903

Source: cve@mitre.org

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1014369

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securiteam.com/securityreviews/5GP0220G0U.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/42903

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.