PT-2007-4125 · Microsoft · Windows NT +1

Published: 2007-05-22 · Updated: 2018-10-16 · CVE-2007-2815

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Information Services (IIS) Web Server version 5.0

Description

The issue concerns the "hit-highlighting" functionality in webhits.dll, which relies only on Windows NT ACL configuration for access control. This allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Recommendations

For Microsoft Internet Information Services (IIS) Web Server version 5.0, consider restricting access to the CiWebhitsfile parameter in the null.htw file to minimize the risk of exploitation. Additionally, review and adjust the Windows NT ACL configuration to ensure proper access controls are in place.

Related identifiers

CVE-2007-2815

Affected products

Internet Information Services (IIS) Web Server
Windows NT