WebDAV Authentication Bypass in Microsoft Internet Information Services
CVE-2009-1535

Currently unrated

Key Information:

Vendor: Microsoft

CVE Published: 10 June 2009

What is CVE-2009-1535?

The WebDAV extension in Microsoft Internet Information Services (IIS) versions 5.1 and 6.0 is susceptible to an authentication bypass vulnerability. The flaw allows remote attackers to bypass URI-based protection mechanisms and thereby list directories and read, create, or modify files. By inserting the Unicode character %c0%af at various positions within a URI, an attacker can circumvent directory password protections. The vulnerability underscores the need for careful handling of URI inputs in server configurations, specifically for WebDAV-enabled directories.
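
For detection, request logs can be checked for this byte pattern. The Python sketch below is an added example, not part of the original entry or any Microsoft tooling; the log layout (client IP, method, raw URI, status) and the sample lines are constructed. It generalizes from %c0%af to any two-byte overlong UTF-8 sequence (lead byte 0xC0 or 0xC1), of which %c0%af, an overlong form of "/", is one instance.

```python
import re
from urllib.parse import unquote_to_bytes

# Methods that list, read, create or modify content on a WebDAV directory.
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "PUT", "DELETE",
               "COPY", "MOVE", "LOCK", "UNLOCK", "GET"}

# Assumed (constructed) log layout: "<client-ip> <METHOD> <raw-uri> <status>"
LINE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) (?P<status>\d{3})$")

def overlong_sequences(uri):
    """Return (offset, hex, decoded char) for each overlong 2-byte UTF-8
    sequence in the percent-decoded path. Lead bytes 0xC0/0xC1 are never
    valid UTF-8: they only encode code points below U+0080 in a
    non-shortest form, e.g. C0 AF for "/" (U+002F)."""
    raw = unquote_to_bytes(uri.split("?", 1)[0])
    hits = []
    for i in range(len(raw) - 1):
        lead, cont = raw[i], raw[i + 1]
        if lead in (0xC0, 0xC1) and 0x80 <= cont <= 0xBF:
            code_point = ((lead & 0x1F) << 6) | (cont & 0x3F)
            hits.append((i, raw[i:i + 2].hex(), chr(code_point)))
    return hits

def scan(lines):
    """Flag log lines whose URI carries an overlong sequence."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        hits = overlong_sequences(m["uri"])
        if hits:
            findings.append({
                "line": number,
                "client": m["ip"],
                "method": m["method"],
                "dav_method": m["method"] in DAV_METHODS,
                "succeeded": m["status"].startswith("2"),  # 2xx on a protected path
                "hits": hits,
            })
    return findings

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    "192.0.2.10 PROPFIND /protected/ 401",
    "192.0.2.10 PROPFIND /prot%c0%afected/ 207",
    "198.51.100.7 GET /docs/caf%C3%A9.txt 200",   # valid UTF-8, not flagged
    "192.0.2.10 GET /prot%C0%AFected/secret.txt 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request that also returned a 2xx status on a password-protected directory is the case to investigate first.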

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
