PT-2008-3104 · Microsoft · Internet Explorer

Stefano Di Paola · Published 2008-03-28 · Updated 2021-07-23 · CVE-2008-1545

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer 7

Description

The issue concerns the setRequestHeader method of the XMLHttpRequest object, which fails to restrict the dangerous Transfer-Encoding HTTP request header. This allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks by sending a POST request containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.

Recommendations

For Microsoft Internet Explorer 7, consider disabling the use of the setRequestHeader method for the XMLHttpRequest object until a fix is available, or avoid using the Transfer-Encoding header in requests to minimize the risk of exploitation.
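
The condition named in the description, a chunked body whose declared chunk size does not match its data, can be rejected on the receiving side by strict parsing. The following Node.js function is an added example, not code from the advisory or from any vendor; `validateChunkedBody` and its reason strings are hypothetical names, and the raw request body is assumed to be already read into a Buffer.

```javascript
// Added example: strict validation of a "Transfer-Encoding: chunked" body.
// validateChunkedBody and its reason strings are hypothetical names.
function validateChunkedBody(buf) {
  let pos = 0;
  while (true) {
    const eol = buf.indexOf("\r\n", pos, "latin1");
    if (eol === -1) return { ok: false, reason: "missing CRLF after chunk size" };
    // Drop optional chunk extensions (";name=value") before parsing the size.
    const sizeText = buf.toString("latin1", pos, eol).split(";")[0];
    // Only bare hex digits are accepted: no sign, no "0x", no whitespace.
    if (!/^[0-9a-fA-F]{1,8}$/.test(sizeText)) {
      return { ok: false, reason: "malformed chunk size" };
    }
    const size = parseInt(sizeText, 16);
    pos = eol + 2;
    if (size === 0) break; // last-chunk reached
    if (pos + size + 2 > buf.length) {
      return { ok: false, reason: "chunk size exceeds body" };
    }
    // The data must be followed by CRLF exactly where the declared size says.
    if (buf[pos + size] !== 0x0d || buf[pos + size + 1] !== 0x0a) {
      return { ok: false, reason: "chunk size does not match data length" };
    }
    pos += size + 2;
  }
  // Skip optional trailer fields up to the terminating empty line.
  while (true) {
    const eol = buf.indexOf("\r\n", pos, "latin1");
    if (eol === -1) return { ok: false, reason: "missing final CRLF" };
    const lineLength = eol - pos;
    pos = eol + 2;
    if (lineLength === 0) break;
  }
  // Anything left over would be read as the start of another request.
  if (pos !== buf.length) {
    return { ok: false, reason: "bytes after terminating chunk" };
  }
  return { ok: true, reason: "well-formed" };
}
```

A front end that applies this check should reject the request and close the connection on any `ok: false` result rather than forwarding the remaining bytes.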

Weakness Enumeration

Related Identifiers

CVE-2008-1545

Affected Products

Internet Explorer