WebDAV Authentication Bypass in Microsoft Internet Information Services
CVE-2009-1535
Currently unrated
What is CVE-2009-1535?
The WebDAV extension in Microsoft Internet Information Services (IIS) versions 5.1 and 6.0 is susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to bypass URI-based protection mechanisms, enabling them to list directories and read, create, or modify files. By inserting the Unicode-encoded character %c0%af at various positions within a URI, malicious actors can circumvent directory password protections. This vulnerability underscores the need for careful handling of URI inputs in server configurations, specifically regarding WebDAV-enabled directories.
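One way to detect such requests, as an added example that is not part of the original page or any vendor tooling: %c0%af is an overlong UTF-8 encoding of "/", and the check below flags any overlong sequence in a request URI, generalizing beyond the 2-byte case on this page to 3- and 4-byte forms. The request-line format, the sample lines, and the function names are assumptions made for illustration.

```python
from urllib.parse import unquote_to_bytes

# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}

def overlong_sequences(raw_uri):
    """Return (byte offset, hex bytes, decoded char) for each overlong UTF-8 sequence."""
    data = unquote_to_bytes(raw_uri)  # percent-decode without interpreting as text
    hits, i = [], 0
    while i < len(data):
        b = data[i]
        # Sequence length implied by the lead byte (1 = ASCII or stray byte).
        n = 2 if b >> 5 == 0b110 else 3 if b >> 4 == 0b1110 else 4 if b >> 3 == 0b11110 else 1
        tail = data[i + 1:i + n]
        if n > 1 and len(tail) == n - 1 and all(t >> 6 == 0b10 for t in tail):
            cp = b & (0xFF >> (n + 1))      # payload bits of the lead byte
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)  # six payload bits per continuation byte
            if cp < MIN_CP[n]:               # a shorter encoding existed: overlong
                hits.append((i, data[i:i + n].hex(), chr(cp)))
            i += n
        else:
            i += 1
    return hits

def flag_requests(request_lines):
    """Return (method, uri, hits) for every request line whose URI has an overlong sequence."""
    flagged = []
    for line in request_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        hits = overlong_sequences(parts[1])
        if hits:
            flagged.append((parts[0].upper(), parts[1], hits))
    return flagged

# Constructed sample request lines (not taken from any real log).
SAMPLE = [
    "GET /protected/report.txt HTTP/1.1",
    "PROPFIND /prot%c0%afected/ HTTP/1.1",
    "GET /docs/caf%c3%a9.txt HTTP/1.1",          # valid UTF-8, must not be flagged
    "PUT /%e0%80%afprotected/new.txt HTTP/1.1",  # 3-byte overlong form of "/"
]

if __name__ == "__main__":
    for method, uri, hits in flag_requests(SAMPLE):
        print(method, uri, hits)
```

The check needs the URI as the client sent it, so it belongs at a proxy or filter that sees the request before any decoding or normalization.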