CVE-2007-2815

high

Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

References

http://www.securityfocus.com/bid/24105

http://www.securityfocus.com/archive/1/469238/100/0/threaded

http://support.microsoft.com/kb/328832

http://securityreason.com/securityalert/2725

http://osvdb.org/41091

Details

Source: Mitre, NVD

Published: 2007-05-22

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High