Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a βTransfer-Encoding: chunkedβ header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka βHTTP Request Smuggling.β