Description

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Remediation

References

CVE-2005-2678

Related Vulnerabilities

MySQL CVE-2019-2834 Vulnerability (CVE-2019-2834)

WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.5)

PostgreSQL Other Vulnerability (CVE-2006-0678)

WordPress Plugin User Access Manager Cross-Site Scripting (1.2.6.7)

MySQL CVE-2017-10314 Vulnerability (CVE-2017-10314)

Severity

Medium

Classification

CVE-2005-2678

Tags

Missing Update Known Vulnerabilities