Arbitrary Length String Vulnerability in eEye SecureIIS Versions 1.0.3 and Earlier

Arbitrary Length String Vulnerability in eEye SecureIIS Versions 1.0.3 and Earlier

CVE-2001-0524 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

Learn more about our Cis Benchmark Audit For Microsoft Iis.