5.1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

NVD

Published: 2005-07-05

Updated: 2017-07-11

Summary

IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Websphere Application Server 5.0 IBM Websphere Application Server 5.1.0	2

References

http://seclists.org/lists/bugtraq/2005/Jun/0025.html
http://securitytracker.com/id?1014367
http://www.securiteam.com/securityreviews/5GP0220G0U.html
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42898