Unrated severityNVD Advisory· Published Aug 14, 2001· Updated Jun 16, 2026
CVE-2001-0524
CVE-2001-0524
Description
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
Affected products
2- cpe:2.3:a:eeye_digital_security:securells:*:*:*:*:*:*:*:*Range: <=1.0.3
Patches
Vulnerability mechanics
References
3- archives.neohapsis.com/archives/bugtraq/2001-05/0185.htmlnvdExploitVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2001-05/0197.htmlnvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/6574nvd
News mentions
0No linked articles in our index yet.