CVE-2005-2091

Name of the Vulnerable Software and Affected Versions: IBM WebSphere versions 5.0 through 5.1

Description: The issue allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header. This causes the server to incorrectly handle and forward the body of the request, resulting in the receiving server processing it as a separate HTTP request.

Recommendations: For IBM WebSphere versions 5.0 through 5.1, consider restricting access to the HTTP request handling mechanism to minimize the risk of exploitation. As a temporary workaround, avoid using the Transfer-Encoding: chunked header and the Content-Length header in the same HTTP request until a patch is available.