2002-03-09 10:00:00
mitre
PUBLISHED
IIS 4.0 does not properly restrict access for the initial session request from a users IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.