CVE-2014-4078

EPSS 16.38%
Veröffentlicht 11.11.2014 22:55:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Information Services Version8.0

Microsoft ≫ Internet Information Services Version8.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	16.38%	0.946

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/bid/70937

http://www.securitytracker.com/id/1031194

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-076

https://nvd.nist.gov/vuln/detail/CVE-2014-4078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4078

EUVD