The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
References
Link | Resource |
---|---|
http://www.attrition.org/pipermail/vim/2009-June/002192.html | Third Party Advisory |
http://www.securityfocus.com/bid/35232 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1022358 | Third Party Advisory VDB Entry |
http://www.us-cert.gov/cas/techalerts/TA09-160A.html | Third Party Advisory US Government Resource |
http://www.vupen.com/english/advisories/2009/1539 | Third Party Advisory |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020 | Patch Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2009-06-10 18:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-1122
Mitre link : CVE-2009-1122
CVE.ORG link : CVE-2009-1122
JSON object : View
Products Affected
microsoft
- windows_2000
- internet_information_services
CWE
CWE-287
Improper Authentication