CVE-2005-2092

Name of the Vulnerable Software and Affected Versions: BEA Systems WebLogic version 8.1 SP1

Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header. This causes the server to incorrectly handle and forward the body of the request, resulting in the receiving server processing it as a separate HTTP request.

Recommendations: For BEA Systems WebLogic version 8.1 SP1, consider restricting access to the server until a patch is available to prevent HTTP Request Smuggling attacks. As a temporary workaround, disabling the handling of requests with both "Transfer-Encoding: chunked" and Content-Length headers may help minimize the risk of exploitation.