
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


Internet Information Services (IIS) - Remote hacker automatic data theft

Version: At least version 5.0
Technical Details:

Internet Information Services (IIS) is vulnerable to an authentication bypass attack that is carried out through the software's hit highlight feature. By targeting a file that doesn't exist and then using the functionality of the hit highlight feature, an attacker can bypass the basic authentication protection.


Microsoft's web server software (IIS) has been found to be vulnerable to an attack that will allow a remote attacker to bypass the basic authentication settings. This could be used by a remote attacker to gain access to sensitive areas of hosted sites, potentially allowing for reconfiguration of the server or leverage of other vulnerabilities within the site software.


Consider upgrading to IIS 6.0 or later, or consider installing and running an alternative web server (such as Apache).




External Tracking Data:

CVE-ID: CVE-2007-2815
