Remote Server Name Spoofing Vulnerability in Microsoft IIS 5.1 and 6

Remote Server Name Spoofing Vulnerability in Microsoft IIS 5.1 and 6

CVE-2005-2678 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Learn more about our Cis Benchmark Audit For Microsoft Iis.