Unrated severityNVD Advisory· Published Mar 28, 2008· Updated Jun 16, 2026
CVE-2008-1545
CVE-2008-1545
Description
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
Affected products
3cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:*:*:*:*:*:*:*
- (no CPE)range: 7
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.