Remote Code Execution Vulnerability in Sun ONE Web Server 6.1 SP1
CVE-2005-2094
Currently unrated
Summary
Sun ONE Web Server 6.1 SP1 improperly handles HTTP requests that contain both a 'Transfer-Encoding: chunked' header and a 'Content-Length' header. By sending a specially crafted request with both headers, a remote attacker can cause the server to process the request body as a separate HTTP request, a technique known as HTTP request smuggling. This may lead to web cache poisoning, bypass of web application firewall protections, and cross-site scripting (XSS) attacks against the affected web application.