CVE-2008-1545 - CVE Reference - Advisories

CVE Reference: CVE-2008-1545

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1545

Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42804 SREASON http://securityreason.com/securityalert/3786 SAID Secunia Advisory: SA29453 MISC http://www.mindedsecurity.com/MSA01240108.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489960/100/0/threaded

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Microsoft Windows DNS Spoofing Vulnerabilities

2.	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

3.	Microsoft Word Unspecified Code Execution Vulnerability

4.	Microsoft SQL Server and MSDE Multiple Vulnerabilities

5.	Microsoft Windows Explorer Saved Search Vulnerability

6.	ISC BIND Query Port DNS Cache Poisoning

7.	Cisco Products DNS Cache Poisoning Vulnerability

8.	Joomla Unauthorized Access Vulnerabilities

9.	Microsoft Outlook Web Access Script Insertion Vulnerabilities

10.	Dokeos "include" Local File Inclusion Vulnerability