Details of VAR-200507-0033

ID

VAR-200507-0033

CVE

CVE-2005-2089

TITLE

Microsoft IIS Multiple security vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200507-050

DESCRIPTION

Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling.". IIS Far East Edition is prone to a cross-site scripting vulnerability

Trust: 1.17

sources: NVD: CVE-2005-2089 // BID: 89113

AFFECTED PRODUCTS

vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.0	Trust: 1.6
vendor:	microsoft	model:	internet information services	scope:	eq	version:	6.0	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.0	Trust: 0.6
vendor:	microsoft	model:	internet information server	scope:	eq	version:	6.0	Trust: 0.6
vendor:	microsoft	model:	iis	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 89113 // CNNVD: CNNVD-200507-050 // NVD: CVE-2005-2089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2089
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200507-050
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2005-2089
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200507-050 // NVD: CVE-2005-2089

PROBLEMTYPE DATA

problemtype:

CWE-444

Trust: 1.0

sources: NVD: CVE-2005-2089

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200507-050

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200507-050

EXTERNAL IDS

db:	NVD	id:	CVE-2005-2089	Trust: 1.9
db:	XF	id:	42899	Trust: 0.9
db:	BUGTRAQ	id:	20050606 A NEW WHITEPAPER BY WATCHFIRE - HTTP REQUEST SMUGGLING	Trust: 0.6
db:	CNNVD	id:	CNNVD-200507-050	Trust: 0.6
db:	BID	id:	89113	Trust: 0.3

sources: BID: 89113 // CNNVD: CNNVD-200507-050 // NVD: CVE-2005-2089

REFERENCES

url:	http://seclists.org/lists/bugtraq/2005/jun/0025.html	Trust: 1.9
url:	http://www.watchfire.com/resources/http-request-smuggling.pdf	Trust: 1.9
url:	http://www.securiteam.com/securityreviews/5gp0220g0u.html	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/42899	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/42899	Trust: 0.9

sources: BID: 89113 // CNNVD: CNNVD-200507-050 // NVD: CVE-2005-2089

CREDITS

Unknown

Trust: 0.3

sources: BID: 89113

SOURCES

db:	BID	id:	89113
db:	CNNVD	id:	CNNVD-200507-050
db:	NVD	id:	CVE-2005-2089

LAST UPDATE DATE

2024-08-14T13:18:43.547000+00:00

SOURCES UPDATE DATE

db:	BID	id:	89113	date:	2005-07-05T00:00:00
db:	CNNVD	id:	CNNVD-200507-050	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2089	date:	2024-02-09T02:29:29.420

SOURCES RELEASE DATE

db:	BID	id:	89113	date:	2005-07-05T00:00:00
db:	CNNVD	id:	CNNVD-200507-050	date:	2005-07-05T00:00:00
db:	NVD	id:	CVE-2005-2089	date:	2005-07-05T04:00:00