Remote Code Execution Vulnerability in Sun ONE Web Server 6.1 SP1
CVE-2005-2094

Currently unrated

Key Information:

Vendor: Oracle
Status: One Web Server
Vendor: CVE Published:; 5 July 2005

Summary

The Sun ONE Web Server 6.1 SP1 is susceptible to a vulnerability that allows remote attackers to exploit improper handling of HTTP requests. By sending a specially crafted request containing both 'Transfer-Encoding: chunked' and 'Content-Length' headers, an attacker can manipulate the server into processing the request body as a separate HTTP request. This may lead to web cache poisoning, bypassing web application firewall protections, and facilitating cross-site scripting (XSS) attacks, thereby compromising the integrity and security of the affected web application.

References

http://securitytracker.com/id?1014369

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/42903

vdb-entryx_refsource_XF

http://www.securiteam.com/securityreviews/5GP0220G0U.html

x_refsource_MISC

Timeline

Vulnerability published
Jul 5, 2005
Vulnerability Reserved
Jun 30, 2005