CVE-2005-2678
published 2005-08-23CVE-2005-2678: Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with…
medium5CVSS 3.1
AVNACLAuNCPINAN
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_information_server | — | — |
| microsoft | internet_information_services | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck5.0MEDIUM