What is CVE-2014-4078?

CVE-2014-4078 is a vulnerability in Microsoft Internet_information_services, classified under CWE-264. Published 2014-11-11.

Is CVE-2014-4078 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Internet_information_services

CVE-2014-4078

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote…

EPSS: 0.104 (93.4th percentile) — read the EPSS interpretation.

Affected products

Microsoft Internet_information_services — versions 8.0, 8.5
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

ARPSyndicate/cve-scores
aRustyDev/C844
aminaslami/Wireshark-Mustso-Final-Raporu
burakd81/bsvg
memmedrehimzade/CVEcheck

References

MS14-076 (x_refsource_MS, vendor-advisory)
70937 (vdb-entry, x_refsource_BID)
1031194 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2014-4078?: CVE-2014-4078 is a vulnerability in Microsoft Internet_information_services, classified under CWE-264. Published 2014-11-11.
Is CVE-2014-4078 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.