Arbitrary Length String Vulnerability in eEye SecureIIS Versions 1.0.3 and Earlier
CVE-2001-0524 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
Learn more about our Cis Benchmark Audit For Microsoft Iis.