Microsoft IIS Security Bypass Vulnerabilities
Summary
Credit:
The information has been provided by Microsoft.
Details
Vulnerable Systems:
* Microsoft Internet Information Services (IIS) 8.0 and 8.5
Immune Systems:
* Microsoft Internet Information Services (IIS) after 8.5
Microsoft Internet Information Services (IIS) could allow a remote attacker to bypass security restrictions, caused by improper filtering of incoming web requests. By controlling the DNS response to the webserver, an attacker could send a specially crafted web request to bypass the IP and domain restrictions and access the website.
CVE Information:
CVE-2014-4078
Disclosure Timeline:
Original release date: 11/11/2014
Last revised: 12/31/2014