PT-2005-3564 · Microsoft · Iis
Inge Eivind Henriksen · Published 2005-08-23 · Updated 2020-11-23 · CVE-2005-2678
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft IIS versions 5.1 through 6
Description
The issue allows remote attackers to spoof the SERVER_NAME variable, bypassing security checks and enabling various attacks. This is achieved through a GET request with an http://localhost URI, which makes the request appear to come from localhost.
Recommendations
For Microsoft IIS versions 5.1 through 6, consider restricting access to the SERVER_NAME variable to minimize the risk of exploitation. As a temporary workaround, avoid using the SERVER_NAME variable in security checks until a patch is available.
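The following simplified model of the issue and the workaround is an added example, not Microsoft's code and not part of the original entry. It contrasts a "local only" check that trusts the request-derived server name with one that uses the connection's peer address. The parsing logic, the peer-address check, the function names and all sample requests and addresses are assumptions constructed for illustration.

```python
import ipaddress

def server_name(raw_request: str) -> str:
    """Model of a request-derived server name: taken from an absolute URI
    in the request line when present, otherwise from the Host header.
    Either way the value is chosen by the client. (IPv6 literals not handled.)"""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    authority = ""
    if "://" in target:
        # Absolute-form request target, e.g. http://localhost/page
        authority = target.split("://", 1)[1].split("/", 1)[0]
    else:
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                authority = value.strip()
                break
    return authority.partition(":")[0].lower()  # drop any :port

def is_local_weak(raw_request: str, peer_ip: str) -> bool:
    """The pattern to avoid: trusts a client-supplied name."""
    return server_name(raw_request) == "localhost"

def is_local_hardened(raw_request: str, peer_ip: str) -> bool:
    """Decides from the TCP peer address, which the request line cannot set."""
    return ipaddress.ip_address(peer_ip).is_loopback

def spoof_suspected(raw_request: str, peer_ip: str) -> bool:
    """Detection rule: request claims localhost but the peer is not loopback."""
    return is_local_weak(raw_request, peer_ip) and not is_local_hardened(raw_request, peer_ip)

# Constructed samples: (raw request, peer address of the connection)
SAMPLES = [
    ("GET http://localhost/status.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "203.0.113.7"),
    ("GET /index.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "203.0.113.7"),
    ("GET /status.asp HTTP/1.1\r\nHost: localhost\r\n\r\n", "127.0.0.1"),
]

if __name__ == "__main__":
    for raw, peer in SAMPLES:
        print(peer, server_name(raw),
              "weak:", is_local_weak(raw, peer),
              "hardened:", is_local_hardened(raw, peer),
              "alert:", spoof_suspected(raw, peer))
```

The same comparison can be run over web server logs: a logged absolute-URI request line naming localhost, paired with a non-loopback client address, is worth an alert.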
Related Identifiers
Affected Products
Iis