7.5
CVE-2007-2897
- EPSS 74.02%
- Veröffentlicht 30.05.2007 10:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic); and might allow attackers with physical access to execute arbitrary code after connecting a data stream to a device COM port; via requests for a URI containing a '/' immediately before and after the name of a DOS device, as demonstrated by the /AUX/.aspx URI, which bypasses a blacklist for DOS device requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Information Server Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.02% | 0.994 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0419.html
http://seclists.org/fulldisclosure/2007/May/0378.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/34418