Authentication Bypass in Microsoft IIS 5.0 WebDAV Extension
CVE-2009-1122

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 10 June 2009

Summary

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 Service Pack 4 has a flaw in the way it decodes URLs. This vulnerability allows remote attackers to bypass authentication mechanisms, potentially enabling unauthorized access to read or create files on the server through specially crafted HTTP requests. This significant security issue can expose sensitive information and compromise the integrity of the server's files.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securitytracker.com/id?1022358

vdb-entryx_refsource_SECTRACK

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

92% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 10, 2009
Vulnerability Reserved
Mar 25, 2009