PT-2001-1730 · Eeye · Secureiis

Published

2001-07-27

Updated

2017-12-19

CVE-2001-0524

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: eEye SecureIIS versions 1.0.3 and earlier

Description: The issue arises from the lack of length checking on individual HTTP headers, allowing a remote attacker to send arbitrary length strings to IIS. This contradicts an advertised feature of the affected software.

Recommendations: For versions 1.0.3 and earlier, consider implementing custom length checks on HTTP headers to mitigate the risk of exploitation until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0524

Affected Products

Secureiis

PT-2001-1730 · Eeye · Secureiis

CVE-2001-0524

Related Identifiers

Affected Products

References · 4