Description

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Remediation

References

CVE-2005-2678

Related Vulnerabilities

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.19)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0950)

WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.96)

Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)

WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)

Severity

Medium

Classification

CVE-2005-2678

Tags

Missing Update Known Vulnerabilities