CVE-2014-4078

EPSS 16.38%
Published 11.11.2014 22:55:04
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Information Services Version8.0

Microsoft ≫ Internet Information Services Version8.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	16.38%	0.946

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/bid/70937

http://www.securitytracker.com/id/1031194

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-076

https://nvd.nist.gov/vuln/detail/CVE-2014-4078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4078

EUVD