BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
References
Configurations
History
No history.
Information
Published : 2005-07-05 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-2092
Mitre link : CVE-2005-2092
CVE.ORG link : CVE-2005-2092
JSON object : View
Products Affected
bea
- weblogic_server
CWE