CVE-2005-2089 - OpenCVE

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Information Services

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_information_services:5.0:::::::*
	cpe:2.3:a:microsoft:internet_information_services:6.0:::::::*

References

Link	Resource
http://seclists.org/lists/bugtraq/2005/Jun/0025.html	Mailing List Third Party Advisory
http://www.securiteam.com/securityreviews/5GP0220G0U.html	Broken Link
http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/42899	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-30T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-06-30T00:00:00

Link: CVE-2005-2089

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-07-05T04:00:00.000

Modified: 2024-02-09T02:29:29.420

Link: CVE-2005-2089

JSON object: View

Redhat Information

No data.

CWE

CWE-444

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-06-06T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "microsoft-iis-hrs(42899)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42899"}, {"tags": ["x_refsource_MISC"], "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"}, {"name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2089", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "microsoft-iis-hrs(42899)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42899"}, {"name": "http://www.securiteam.com/securityreviews/5GP0220G0U.html", "refsource": "MISC", "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"}, {"name": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf", "refsource": "MISC", "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"}, {"name": "20050606 A new whitepaper by Watchfire - HTTP Request Smuggling", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2089", "datePublished": "2005-06-30T04:00:00", "dateReserved": "2005-06-30T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\""}], "id": "CVE-2005-2089", "lastModified": "2024-02-09T02:29:29.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-07-05T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42899"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}