2 matches found
CVE-2001-0523
The CVE-2001-0523 entry concerns eEye SecureIIS versions 1.0.3 and earlier. Affected component: SecureIIS request filtering logic. Root cause: remote attacker can bypass filtering by escaping HTML characters within the request, enabling use of restricted variables and potential directory traversa...
CVE-2001-0524
CVE-2001-0524 affects eEye SecureIIS versions 1.0.3 and earlier. The issue is that SecureIIS does not perform length checking on individual HTTP headers, allowing a remote attacker to send arbitrarily long header strings to IIS, contradicting the product’s advertised behavior. The vulnerability’s...