Microsoft · Iis · CVE-2005-2678
**Name of the Vulnerable Software and Affected Versions**
Microsoft IIS versions 5.1 through 6
**Description**
The issue allows remote attackers to spoof the `SERVER NAME` variable, bypassing security checks and enabling various attacks. This is achieved through a GET request with an http://localhost URI, making the request appear as if it is coming from localhost.
**Recommendations**
For Microsoft IIS versions 5.1 through 6, consider restricting access to the `SERVER NAME` variable to minimize the risk of exploitation. As a temporary workaround, avoid using the `SERVER NAME` variable in security checks until a patch is available.