PT-2014-5698 · Microsoft · Internet Information Services

Published: 2014-11-11 · Updated: 2025-07-21 · CVE-2014-4078

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Information Services (IIS) versions 8.0 through 8.5

Description

The IP Security feature in Microsoft Internet Information Services (IIS) does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list. This makes it easier for remote attackers to bypass an intended rule set via an HTTP request.

Recommendations

For IIS versions 8.0 through 8.5, consider reconfiguring the "IP Address and Domain Restrictions" list to avoid using wildcard rules until a proper fix is available. As a temporary workaround, restrict access to sensitive areas of the web server to minimize the risk of exploitation.

Related Identifiers

CVE-2014-4078

Affected Products

Internet Information Services