10
CVE-2007-2815
- EPSS 73.35%
- Veröffentlicht 22.05.2007 19:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Information Services Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 73.35% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://osvdb.org/41091
http://securityreason.com/securityalert/2725
http://support.microsoft.com/kb/328832
http://www.securityfocus.com/archive/1/469238/100/0/threaded
http://www.securityfocus.com/bid/24105