The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
History
21 Nov 2024, 00:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/41091 - | |
References | () http://securityreason.com/securityalert/2725 - | |
References | () http://support.microsoft.com/kb/328832 - | |
References | () http://www.securityfocus.com/archive/1/469238/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/24105 - | |
Information
Published : 2007-05-22 19:30
Updated : 2024-11-21 00:31
NVD link : CVE-2007-2815
Mitre link : CVE-2007-2815
CVE.ORG link : CVE-2007-2815
Products Affected
microsoft
- internet_information_services
CWE
CWE-264
Permissions, Privileges, and Access Controls