CVE-2007-2815
First published: Tue May 22 2007(Updated: )
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services (IIS) | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-2815?
CVE-2007-2815 is classified as a medium severity vulnerability that can allow unauthorized access to private web directories.
How do I fix CVE-2007-2815?
To remediate CVE-2007-2815, ensure that proper access controls are enforced and consider applying security patches or upgrading from IIS 5.0.
What software is affected by CVE-2007-2815?
CVE-2007-2815 specifically affects Microsoft Internet Information Services version 5.0.
Can CVE-2007-2815 be exploited remotely?
Yes, CVE-2007-2815 can be exploited remotely by attackers to bypass authentication mechanisms.
What attack vectors exist for CVE-2007-2815?
Attack vectors for CVE-2007-2815 typically involve manipulating the CiWebhitsfile parameter to access restricted resources.
- agent/severity
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/event
- agent/author
- agent/weakness
- agent/references
- agent/description
- vendor/microsoft
- canonical/microsoft internet information services (iis)
- version/microsoft internet information services (iis)/5.0