Intrusion Prevention

MS.IIS.WebHits.Remote.Authentication.Bypass

Description

This indicates an attempt to exploit an Authentication Bypass vulnerability in Microsoft IIS Web Server.
The vulnerability is in the "hit-highlighting" functionality in "webhits.dll". By exploiting this vulnerability, remote attackers may be able to access private information from an IIS site.

Affected Products

Microsoft IIS 5.0, 5.1.

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to Microsoft IIS version 6.0 or later.

CVE References

CVE-2007-2815