CVE-2007-2815

Sažetak

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Reference

http://osvdb.org/41091
http://securityreason.com/securityalert/2725
http://support.microsoft.com/kb/328832
http://www.securityfocus.com/archive/1/469238/100/0/threaded
http://www.securityfocus.com/bid/24105

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:45

Objavljeno

22-05-2007 - 19:30