CVE-2014-4078
Description
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the IP Address and Domain Restrictions list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka IIS Security Feature Bypass Vulnerability.
Risk Information
Base Score: 9.1 (MODERATE)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 13.454
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows 8 (KB2982998) | Windows |
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows 8.1 (KB2982998) | Windows |
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows 8 for x64-based Systems (KB2982998) | Windows |
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows Server 2012 (KB2982998) | Windows |
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows 8.1 for x64-based Systems (KB2982998) | Windows |
| MS14-076: Vulnerability in Internet Information Services (IIS) Could Allow Security Feature Bypass: November 11, 2014 for Windows Server 2012 R2 (KB2982998) | Windows |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-16517 | Security Update for Windows 8 (KB2982998) |
| PATCH-16518 | Security Update for Windows 8.1 (KB2982998) |
| PATCH-16519 | Security Update for Windows 8 for x64-based Systems (KB2982998) |
| PATCH-16520 | Security Update for Windows Server 2012 (KB2982998) |
| PATCH-16521 | Security Update for Windows 8.1 for x64-based Systems (KB2982998) |
| PATCH-16522 | Security Update for Windows Server 2012 R2 (KB2982998) |