ByteOS Network

NVD Vulnerability Details :

CVE-2007-2815

Modified

Source-cve@mitre.org

Published At-22 May, 2007 | 19:30

Updated At-16 Oct, 2018 | 16:45

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Microsoft Corporation

>>internet_information_services>>5.0

cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/41091	cve@mitre.org	N/A
http://securityreason.com/securityalert/2725	cve@mitre.org	N/A
http://support.microsoft.com/kb/328832	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/469238/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/24105	cve@mitre.org	N/A