CVE-2001-0524
CVE-2001-0524 affects eEye SecureIIS versions 1.0.3 and earlier. The issue is that SecureIIS does not perform length checking on individual HTTP headers, allowing a remote attacker to send arbitrarily long header strings to IIS, contradicting the product’s advertised behavior. The vulnerability’s...