{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-22T00:00:00", "descriptions": [{"lang": "en", "value": "The \"hit-highlighting\" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "41091", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41091"}, {"name": "2725", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2725"}, {"name": "20070522 [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/469238/100/0/threaded"}, {"name": "24105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24105"}, {"name": "328832", "tags": ["vendor-advisory", "x_refsource_MSKB"], "url": "http://support.microsoft.com/kb/328832"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2815", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The \"hit-highlighting\" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "41091", "refsource": "OSVDB", "url": "http://osvdb.org/41091"}, {"name": "2725", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2725"}, {"name": "20070522 [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/469238/100/0/threaded"}, {"name": "24105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24105"}, {"name": "328832", "refsource": "MSKB", "url": "http://support.microsoft.com/kb/328832"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:49:57.355Z"}, "title": "CVE Program Container", "references": [{"name": "41091", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/41091"}, {"name": "2725", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2725"}, {"name": "20070522 [ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/469238/100/0/threaded"}, {"name": "24105", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24105"}, {"name": "328832", "tags": ["vendor-advisory", "x_refsource_MSKB", "x_transferred"], "url": "http://support.microsoft.com/kb/328832"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2815", "datePublished": "2007-05-22T19:00:00", "dateReserved": "2007-05-22T00:00:00", "dateUpdated": "2024-08-07T13:49:57.355Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The \"hit-highlighting\" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw."}, {"lang": "es", "value": "La funcionalidad \"hit-highlighting\" en la biblioteca webhits.dll en el Servidor web versi\u00f3n 5.0 de Internet Information Services (IIS) de Microsoft solo usa la configuraci\u00f3n ACL de Windows NT, lo que permite a los atacantes remotos omitir los mecanismos de autenticaci\u00f3n b\u00e1sicos y NTLM y acceder a los directorios web privados por medio del par\u00e1metro CiWebhitsfile en null.htw."}], "id": "CVE-2007-2815", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-22T19:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/41091"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2725"}, {"source": "cve@mitre.org", "url": "http://support.microsoft.com/kb/328832"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/469238/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.microsoft.com/kb/328832"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/469238/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24105"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}