CVE-2005-2678

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server; Internet Information Services
Vendor: CVE Published:; 23 August 2005

Summary

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

References

http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-a...

x_refsource_MISC

http://www.vupen.com/english/advisories/2005/1503

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/16548

third-party-advisoryx_refsource_SECUNIA

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 23, 2005
Vulnerability Reserved
Aug 23, 2005

Collectors

NVD DatabaseMitre Database