What is the severity of CVE-2005-2094?

CVE-2005-2094 is considered a moderate severity vulnerability due to its potential to allow remote attackers to exploit the web server.

How do I fix CVE-2005-2094?

To fix CVE-2005-2094, you should update Sun ONE Web Server to a version that addresses this vulnerability.

Which version of Sun ONE Web Server is affected by CVE-2005-2094?

CVE-2005-2094 specifically affects Sun ONE Web Server version 6.1 SP1.

What is the cause of the vulnerability CVE-2005-2094?

CVE-2005-2094 arises from the server's mishandling of HTTP requests that include both 'Transfer-Encoding: chunked' and a 'Content-Length' header.

Vulnerability/
CVE-2005-2094

medium

4.3

CWE

NVD-CWE-Other 79

30/6/2005

7/8/2024

CVE-2005-2094: XSS

First published: Thu Jun 30 2005(Updated: )

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sun ONE Web Server	=6.1-sp1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-2094?
CVE-2005-2094 is considered a moderate severity vulnerability due to its potential to allow remote attackers to exploit the web server.
How do I fix CVE-2005-2094?
To fix CVE-2005-2094, you should update Sun ONE Web Server to a version that addresses this vulnerability.
What types of attacks can be performed using CVE-2005-2094?
CVE-2005-2094 can be exploited to poison the web cache, bypass web application firewall protections, and conduct cross-site scripting (XSS) attacks.
Which version of Sun ONE Web Server is affected by CVE-2005-2094?
CVE-2005-2094 specifically affects Sun ONE Web Server version 6.1 SP1.
What is the cause of the vulnerability CVE-2005-2094?
CVE-2005-2094 arises from the server's mishandling of HTTP requests that include both 'Transfer-Encoding: chunked' and a 'Content-Length' header.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/author
agent/severity
agent/last-modified-date
agent/tags
agent/event
agent/description
agent/first-publish-date
agent/source
vendor/sun
canonical/sun one web server
version/sun one web server/6.1-sp1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.