Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 01:57
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2005-07-05 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-2090
Mitre link : CVE-2005-2090
CVE.ORG link : CVE-2005-2090
JSON object : View
Products Affected
apache
- tomcat
CWE