What is CVE-2005-2090?

CVE-2005-2090 is a vulnerability in N/a. Published 2005-06-30.

Is CVE-2005-2090 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2005-2090

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chun…

EPSS: 0.714 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

www.fujitsu.com/global/support/software/security/products-f/interstage-200703e… (x_refsource_CONFIRM)
tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
30908 (x_refsource_SECUNIA, third-party-advisory)
[Security-announce] 20080107 VMSA-2008-0002 Low severity security update for VirtualCenter and ESX Server 3.0.2, and ESX 3.0.1 (mailing-list, x_refsource_MLIST)
ADV-2007-2732 (vdb-entry, x_refsource_VUPEN)
13873 (vdb-entry, x_refsource_BID)
239312 (vendor-advisory, x_refsource_SUNALERT)
ADV-2007-3087 (vdb-entry, x_refsource_VUPEN)
30899 (x_refsource_SECUNIA, third-party-advisory)
29242 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2005-2090?: CVE-2005-2090 is a vulnerability in N/a. Published 2005-06-30.
Is CVE-2005-2090 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.