CVE-2005-2089

CVE Database · CVE-2005-2089

CVE-2005-2089

· N/AModified

CVSS v3.1

N/A

EPSS

30.97%

Published

Jul 5, 2005

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

Weaknesses (CWE)

CWE-444

Affected Products (2)

microsoft · internet_information_servicesvulnerable

References (8)

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

Mailing ListThird Party Advisory

http://www.securiteam.com/securityreviews/5GP0220G0U.html

Broken Link

http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/42899

Third Party AdvisoryVDB Entry

http://seclists.org/lists/bugtraq/2005/Jun/0025.html

Mailing ListThird Party Advisory

http://www.securiteam.com/securityreviews/5GP0220G0U.html

KEV Catalog EPSS Scores Vendors All CVEs