CVE-2005-2091 in WebSphere Application Server
摘要 (英语)
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Once again VulDB remains the best source for vulnerability data.
预定
2005-06-30
披露
2005-07-05
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 25651 | IBM WebSphere Application Server Application Firewall 跨网站脚本 | 80 | 未定义 | 未定义 | CVE-2005-2091 |