Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1545


Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1545
Last Modified 07 Mar 2011 10:07:15
Published 28 Mar 2008 07:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.

Vulnerable Systems


  • Microsoft Ie 7.0

  • Microsoft Ie 7.0.5730.11


XF - ie-setrequestheader-chunk-security-bypass(42804)

VUPEN - ADV-2008-0980

BUGTRAQ - 20080321 [MSA01240108] IE7 Transfer-Encoding: chunked allows Request Splitting/Smuggling.


SREASON - 3786

SECUNIA - 29453

Last Updated: 27 May 2016 10:47:34