Remote Code Execution Vulnerability in Sun ONE Web Server 6.1 SP1
CVE-2005-2094

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 5 July 2005

Summary

Sun ONE Web Server 6.1 SP1 improperly handles HTTP requests that contain both 'Transfer-Encoding: chunked' and 'Content-Length' headers. By sending a specially crafted request with both headers, a remote attacker can cause the server to process the request body as a separate HTTP request (HTTP request smuggling). This may lead to web cache poisoning, bypass of web application firewall protections, and cross-site scripting (XSS) attacks, compromising the integrity and security of the affected web application.
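
A front-end proxy or WAF can refuse requests whose body framing is ambiguous before they reach the origin server. The check below is an added example, not vendor code: the function names and the sample requests are constructed for illustration. It goes slightly beyond the header pair named in the summary by also flagging conflicting Content-Length values and whitespace around the header name, which cause the same disagreement between HTTP parsers.

```python
import re

def parse_head(raw: bytes):
    """Split the header block of a raw HTTP/1.x request into (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            # Keep the raw name so whitespace tricks ("Content-Length :") stay visible.
            fields.append((name, value.strip()))
    return fields

def framing_findings(raw: bytes):
    """Return the reasons this request's body framing is ambiguous (empty list = clean)."""
    findings, lengths, codings = [], [], []
    for name, value in parse_head(raw):
        key = name.strip().lower()
        if key in ("content-length", "transfer-encoding") and name != name.strip():
            findings.append("whitespace around header name: %r" % name)
        if key == "content-length":
            lengths.extend(v.strip() for v in value.split(","))
        elif key == "transfer-encoding":
            codings.extend(v.strip().lower() for v in value.split(","))
    if lengths and codings:
        # RFC 7230 section 3.3.3: such a message ought to be handled as an error.
        findings.append("both Content-Length and Transfer-Encoding present")
    if len(set(lengths)) > 1:
        findings.append("conflicting Content-Length values")
    if any(not re.fullmatch(r"[0-9]+", v) for v in lengths):
        findings.append("non-numeric Content-Length")
    if codings and codings[-1] != "chunked":
        findings.append("Transfer-Encoding does not end in chunked")
    return findings

# Constructed sample requests (not captured traffic).
AMBIGUOUS = (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
CLEAN = (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
DUPLICATE = (b"POST /form HTTP/1.1\r\nHost: www.example.test\r\n"
             b"Content-Length : 5\r\nContent-Length: 6\r\n\r\nhello!")

if __name__ == "__main__":
    for label, req in (("ambiguous", AMBIGUOUS), ("clean", CLEAN), ("duplicate", DUPLICATE)):
        print(label, framing_findings(req) or "ok")
```

A request with any finding should be rejected with a 400 response rather than normalised and forwarded, so that the front end and the origin never see different message boundaries.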

Timeline

  • Vulnerability published

  • Vulnerability Reserved
