WebDAV Authentication Bypass in Microsoft Internet Information Services
CVE-2009-1535

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Services
Vendor
CVE Published:
10 June 2009

What is CVE-2009-1535?

The WebDAV extension in Microsoft Internet Information Services (IIS) versions 5.1 and 6.0 is susceptible to an authentication bypass vulnerability. This flaw allows remote attackers to exploit URI-based protection mechanisms, enabling them to list directories and read, create, or modify files. By inserting the Unicode character %c0%af at various positions within a URI, malicious actors can circumvent directory password protections. This vulnerability underscores the need for careful handling of URI inputs in server configurations, specifically regarding WebDAV-enabled directories.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://view.samurajdata.se/psview.php?id=023287d6&page=1
x_refsource_MISC

EPSS Score

91% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.