Vulnerabilities > CVE-2005-2678 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |