CVE-2005-2090

Name of the Vulnerable Software and Affected Versions: Jakarta Tomcat versions 4.1.24 through 5.0.19

Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header. This causes Tomcat to incorrectly handle and forward the body of the request, allowing the receiving server to process it as a separate HTTP request. The problem arises when multiple components, such as firewalls, caches, proxies, and Tomcat, process a sequence of requests where one or more requests contain multiple content-length headers, and these components make different decisions as to which content-length header to use.

Recommendations: For Jakarta Tomcat versions 4.1.24 through 5.0.19, consider updating to a version that returns a 400 error for requests with multiple content-length headers, thus rejecting such requests as invalid. As a temporary workaround, consider restricting access to the Content-Length header in HTTP requests to minimize the risk of exploitation.