CVE-2005-2093

Name of the Vulnerable Software and Affected Versions: Oracle 9i Application Server (Oracle9iAS) version 9.0.2

Description: The issue allows remote attackers to conduct HTTP Request Smuggling attacks by sending an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header. This causes the Application Server to incorrectly handle and forward the body of the request, allowing attackers to bypass web application firewall protection and potentially conduct XSS attacks.

Recommendations: For Oracle 9i Application Server (Oracle9iAS) version 9.0.2, consider restricting access to the HTTP request handling module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the Transfer-Encoding: chunked header and Content-Length header in the same HTTP request.