Description
A vulnerability has been identified in Sun Java System Proxy Server when used in conjunction with Sun Java System Application Server or Sun Java System Web Server, which could be exploited to conduct HTTP request smuggling attacks. The flaw is due to an error in handling HTTP requests that contain both "Transfer-Encoding: chunked" and "Content-Length" headers, which could allow Web application firewall protection to be bypassed or lead to cross-site scripting attacks.
Vulnerable Products
Vulnerable Software:
Sun Java System Proxy Server 3.6
Sun Java System Proxy Server 4.0
Sun Java System Web Server 6.0
Sun Java System Web Server 6.1 2005Q1
Sun ONE Application Server 7
Sun Java System Application Server 7 2004Q2
Sun Java System Application Server Enterprise Edition 8.1 2005 Q1
Sun Java System Application Server Platform Edition 8.1 2005 Q1
Solution
Apply patches:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
CVE
CVE-2006-6276
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1
Vulnerability Manager Detection
No
IPS Protection