CVE-2007-2815

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 22 May 2007

Summary

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

References

http://osvdb.org/41091

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/2725

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/469238/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

95% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 22, 2007
Vulnerability Reserved
May 22, 2007

Collectors

NVD DatabaseMitre Database