Microsoft IIS 5.1 and 6 allows remote malicious users to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an localhost URI, which makes it appear as if the request is coming from localhost.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet information server 6.0 |
||
microsoft internet information services 5.0 |