Vulnerability Description
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Services | 5.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/41091
- http://securityreason.com/securityalert/2725
- http://support.microsoft.com/kb/328832
- http://www.securityfocus.com/archive/1/469238/100/0/threaded
- http://www.securityfocus.com/bid/24105
- http://osvdb.org/41091
- http://securityreason.com/securityalert/2725
- http://support.microsoft.com/kb/328832
- http://www.securityfocus.com/archive/1/469238/100/0/threaded
- http://www.securityfocus.com/bid/24105
FAQ
What is CVE-2007-2815?
CVE-2007-2815 is a vulnerability with a CVSS score of 10.0 (HIGH). The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM...
How severe is CVE-2007-2815?
CVE-2007-2815 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2815?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services.