CVE-2009-1535

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*
cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

Information

Published : 2009-06-10 07:30

Updated : 2020-11-23 12:01


NVD link : CVE-2009-1535

Mitre link : CVE-2009-1535


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

microsoft

  • windows_xp
  • internet_information_services
  • windows_server_2003