Lucene search

PRIOn knowledge basePRION:CVE-2014-4078

HistoryNov 11, 2014 - 10:55 p.m.

Security feature bypass

2014-11-1122:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

JSON

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the “IP Address and Domain Restrictions” list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka “IIS Security Feature Bypass Vulnerability.”

CPENameOperatorVersion
internet_information_serviceseq8.5
internet_information_serviceseq8.0

CPE	Name	Operator	Version
	internet_information_services	eq	8.5
	internet_information_services	eq	8.0

References

www.securityfocus.com/bid/70937

www.securitytracker.com/id/1031194

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-076

7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for PRION:CVE-2014-4078