ID CVE-2005-2091
Summary IBM WebSphere 5.1 and WebSphere 5.0 allow remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bugtraq 20050606 A new whitepaper by Watchfire - HTTP Request Smuggling
misc
sectrack 1014367
xf ibm-websphere-hrs(42898)
Last major update 11-07-2017 - 01:32
Published 05-07-2005 - 04:00
Last modified 11-07-2017 - 01:32