CVE-2005-2093
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/07/2005
Last modified:
03/04/2025
Description
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42902
- http://seclists.org/lists/bugtraq/2005/Jun/0025.html
- http://www.securiteam.com/securityreviews/5GP0220G0U.html
- http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42902