CVE-2001-0524

2001-07-2704:00:00

mitre

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.2%

JSON

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

References

archives.neohapsis.com/archives/bugtraq/2001-05/0185.html

archives.neohapsis.com/archives/bugtraq/2001-05/0197.html

exchange.xforce.ibmcloud.com/vulnerabilities/6574