CVE-2005-2089 is a vulnerability in Microsoft Internet Information Services
Published on July 5, 2005

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

NVD

Products Associated with CVE-2005-2089

Want to know whenever a new CVE is published for Microsoft Internet Information Services? stack.watch will email you.

Microsoft Internet Information Services

Exploit Probability

EPSS

35.63%

Percentile

97.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2005-2089 is a vulnerability in Microsoft Internet Information ServicesPublished on July 5, 2005

Products Associated with CVE-2005-2089

Exploit Probability

CVE-2005-2089 is a vulnerability in Microsoft Internet Information Services
Published on July 5, 2005