Unrated severityNVD Advisory· Published May 22, 2007· Updated Apr 23, 2026

CVE-2007-2815

Description

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

Affected products

Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/41091nvd
securityreason.com/securityalert/2725nvd
support.microsoft.com/kb/328832nvd
www.securityfocus.com/archive/1/469238/100/0/threadednvd
www.securityfocus.com/bid/24105nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000