Description

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Remediation

References

CVE-2005-2678

Related Vulnerabilities

Jenkins Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-2105)

Oracle JRE CVE-2012-1541 Vulnerability (CVE-2012-1541)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0864)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-10172)

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

Severity

Medium

Classification

CVE-2005-2678

Tags

Missing Update Known Vulnerabilities