Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Internet Information Services Permissions Privileges and Access Controls Vulnerability - CVE-2014-4078 - Vulnerability Database
Internet Information Services

Internet Information Services Permissions Privileges and Access Controls Vulnerability - CVE-2014-4078

Medium
Reference: CVE-2014-4078
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-4078
Title: Internet Information Services Permissions Privileges and Access Controls Vulnerability
Overview:

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the quotIP Address and Domain Restrictionsquot list which makes it easier for remote attackers to bypass an intended rule set via an HTTP request aka quotIIS Security Feature Bypass Vulnerability.quot