Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0524


Vulnerability Score 7.5 7.5
CVE Id CVE-2001-0524
Last Modified 05 Sep 2008 04:24:19
Published 14 Aug 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

Vulnerable Systems


  • Eeye Digital Security Securells 1.0.3


XF - eeye-secureiis-http-header-bo(6574)

BUGTRAQ - 20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS

BUGTRAQ - 20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS

Last Updated: 27 May 2016 10:36:18