Vulnerability in N/a

CVE-2007-2815

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms an…

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

41091 (x_refsource_OSVDB, vdb-entry)
2725 (x_refsource_SREASON, third-party-advisory)
20070522 [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass (mailing-list, x_refsource_BUGTRAQ)
24105 (vdb-entry, x_refsource_BID)
328832 (vendor-advisory, x_refsource_MSKB)