CVE-2007-2815

critical

Microsoft

CVSS v3 Base Score

10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

85.9%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: May 22, 2007 (6931 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

CWE

CWE-264

Affected Products

microsoft internet information services

References

🔗 osvdb.org 🔗 securityreason.com 🔗 support.microsoft.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com

CVE-2007-2815

Vulnerability Report

Description

CWE

Affected Products

References