Vulnerabilities

CVE-2001-0524

by Fred · 27/07/2001

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

Date published : 2001-07-27

http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html

http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html

Similar

Tags: Cybersecurity Alert