Executive Summary

Information
Name: CVE-2005-2678
First vendor publication: 2005-08-23
Vendor: Cve
Last vendor modification: 2020-11-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2678

CPE : Common Platform Enumeration

Type Description Count
Application 2

Open Source Vulnerability Database (OSVDB)

Id Description
18926 Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass

Microsoft IIS contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a URL that spoofs the server name is supplied in the HTTP GET request. Server scripts that grant elevated privileges when accessed locally may be fooled into treating a remote request as coming from a local user. This flaw may lead to a loss of confidentiality or integrity.

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Windows IIS source code disclosure attempt
RuleID : 17653 - Revision : 13 - Type : SERVER-IIS
2014-01-10 Microsoft Windows IIS source code disclosure attempt
RuleID : 17652 - Revision : 14 - Type : SERVER-IIS

Sources (Detail)

Source Url
BUGTRAQ http://marc.info/?l=bugtraq&m=112474727903399&w=2
MISC http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-nam...
SECUNIA http://secunia.com/advisories/16548
VUPEN http://www.vupen.com/english/advisories/2005/1503

Alert History

Date Information
2024-02-02 01:03:13
  • Multiple Updates
2024-02-01 12:01:44
  • Multiple Updates
2023-09-05 12:03:02
  • Multiple Updates
2023-09-05 01:01:35
  • Multiple Updates
2023-09-02 12:03:03
  • Multiple Updates
2023-09-02 01:01:35
  • Multiple Updates
2023-08-12 12:03:38
  • Multiple Updates
2023-08-12 01:01:36
  • Multiple Updates
2023-08-11 12:03:10
  • Multiple Updates
2023-08-11 01:01:38
  • Multiple Updates
2023-08-06 12:02:57
  • Multiple Updates
2023-08-06 01:01:36
  • Multiple Updates
2023-08-04 12:03:01
  • Multiple Updates
2023-08-04 01:01:37
  • Multiple Updates
2023-07-14 12:03:00
  • Multiple Updates
2023-07-14 01:01:37
  • Multiple Updates
2023-03-29 01:03:07
  • Multiple Updates
2023-03-28 12:01:42
  • Multiple Updates
2022-10-11 12:02:40
  • Multiple Updates
2022-10-11 01:01:29
  • Multiple Updates
2021-05-04 12:03:08
  • Multiple Updates
2021-04-22 01:03:24
  • Multiple Updates
2021-02-06 12:01:43
  • Multiple Updates
2020-11-24 00:22:45
  • Multiple Updates
2020-05-23 00:16:46
  • Multiple Updates
2018-10-31 00:19:44
  • Multiple Updates
2016-10-18 12:01:45
  • Multiple Updates
2016-06-28 15:21:10
  • Multiple Updates
2016-04-26 13:45:27
  • Multiple Updates
2014-01-19 21:22:51
  • Multiple Updates
2013-05-11 11:30:38
  • Multiple Updates