CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-4078

The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.187

EPSS Ranking 95.0%

CVSS Severity

CVSS v2 Score 5.1

References

http://www.securityfocus.com/bid/70937
http://www.securitytracker.com/id/1031194
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-076
http://www.securityfocus.com/bid/70937
http://www.securitytracker.com/id/1031194
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-076

Products affected by CVE-2014-4078

Microsoft » Internet Information Services » Version: 8.0

cpe:2.3:a:microsoft:internet_information_services:8.0
Microsoft » Internet Information Services » Version: 8.5

cpe:2.3:a:microsoft:internet_information_services:8.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-4078

Products

Pricing

Contact Us