Description

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Remediation

References

CVE-2005-2678

Related Vulnerabilities

WordPress Plugin Newsletter by Supsystic Cross-Site Scripting (1.1.7)

WordPress Plugin Cookie Notification for WordPress-WP Cookie User Info includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)

WordPress Plugin Backup Migration Arbitrary File Download (1.3.6)

WordPress Plugin Facebook With Login Multiple Vulnerabilities (1.0)

Severity

Medium

Classification

CVE-2005-2678

Tags

Missing Update Known Vulnerabilities