CVE-2007-2815

CVE Database · CVE-2007-2815

CVE-2007-2815

· N/AModified

CVSS v3.1

N/A

EPSS

73.35%

Published

May 22, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft IIS 5.1 - Hit Highlighting Authentication Bypass TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Weaknesses (CWE)

CWE-264

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (10)

http://osvdb.org/41091

http://securityreason.com/securityalert/2725

http://support.microsoft.com/kb/328832

http://www.securityfocus.com/archive/1/469238/100/0/threaded

http://www.securityfocus.com/bid/24105

http://osvdb.org/41091

http://securityreason.com/securityalert/2725

http://support.microsoft.com/kb/328832

http://www.securityfocus.com/archive/1/469238/100/0/threaded

http://www.securityfocus.com/bid/24105

KEV Catalog EPSS Scores Vendors All CVEs