Vulnerabilities > CVE-2001-0524 - Remote Security vulnerability in Securells

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

eeye-digital-security

NVD

Published: 2001-08-14

Updated: 2017-12-19

Summary

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

Vulnerable Configurations

Part	Description	Count
Application	Eeye_Digital_Security Eeye Digital Security Securells *	1

References

http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6574