CVE-2005-2678

CVE Database · CVE-2005-2678

CVE-2005-2678

· N/AModified

CVSS v3.1

N/A

EPSS

41.84%

Published

Aug 23, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Affected Products (2)

microsoft · internet_information_servervulnerable

microsoft · internet_information_servicesvulnerable

References (8)

http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html

http://marc.info/?l=bugtraq&m=112474727903399&w=2

http://secunia.com/advisories/16548

Vendor Advisory

http://www.vupen.com/english/advisories/2005/1503

http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html

http://marc.info/?l=bugtraq&m=112474727903399&w=2

http://secunia.com/advisories/16548

Vendor Advisory

http://www.vupen.com/english/advisories/2005/1503

KEV Catalog EPSS Scores Vendors All CVEs