CVE-2001-0524

Name of the Vulnerable Software and Affected Versions: eEye SecureIIS versions 1.0.3 and earlier

Description: The issue arises from the lack of length checking on individual HTTP headers, allowing a remote attacker to send arbitrary length strings to IIS. This contradicts an advertised feature of the affected software.

Recommendations: For versions 1.0.3 and earlier, consider implementing custom length checks on HTTP headers to mitigate the risk of exploitation until a patch is available.