eEye SecureIIS versions 1.0.3 and previous versions does not perform length checking on individual HTTP headers, which allows a remote malicious user to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and previous versions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
eeye digital security securells |