CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-2815

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile31.35th
Published2007年5月22日
Last Modified2026年4月23日

Vulnerability Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Affected Platforms (CPE)

📦
Microsoft

Internet Information Services

= 5.0

References & Advisories

🔗 http://osvdb.org/41091
🔗 http://securityreason.com/securityalert/2725
🔗 http://support.microsoft.com/kb/328832
🔗 http://www.securityfocus.com/archive/1/469238/100/0/threaded
🔗 http://www.securityfocus.com/bid/24105
🔗 http://osvdb.org/41091
🔗 http://securityreason.com/securityalert/2725
🔗 http://support.microsoft.com/kb/328832

相关漏洞威胁

CVE-2006-634610.0

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier...

CVE-2007-249410.0

Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers ...

CVE-2003-022410.0

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code vi...

CVE-2008-007510.0

Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbi...