The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: microsoft
Published: 2014-11-11T22:00:00
Updated: 2024-08-06T11:04:28.342Z
Reserved: 2014-06-12T00:00:00
Link: CVE-2014-4078
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-11-11T22:55:04.670
Modified: 2024-11-21T02:09:27.917
Link: CVE-2014-4078
Redhat
No data.