MS.IIS.WebHits.Authentication.Bypass
Description
This indicates an attempt to exploit an authentication-bypass vulnerability in Microsoft IIS Web Server.
The vulnerability is in the "hit-highlighting" functionality in webhits.dll. By exploiting this vulnerability, remote attackers may be able to access private information from an IIS site.
Affected Products
Microsoft IIS 5.0, 5.1.
Impact
Information Disclosure: remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Upgrade to Microsoft IIS version 6.0 or later.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |