CVE-2001-0524
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/08/2001
Last modified:
19/12/2017
Description
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:eeye_digital_security:securells:*:*:*:*:*:*:*:* | 1.0.3 (including) |
To consult the complete list of CPE names with products and versions, see this page