Description
Microsoft IIS 5.1 and 6 allow remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
Remediation
References
Related Vulnerabilities
Grafana Incorrect Authorization Vulnerability (CVE-2022-21713)
Oracle Database Server CVE-2013-1554 Vulnerability (CVE-2013-1554)
Artifactory Incorrect Authorization Vulnerability (CVE-2021-45074)
Plone CMS CVE-2011-3587 Vulnerability (CVE-2011-3587)
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12603)