Rapid7 Vulnerability & Exploit Database

Microsoft Internet Information Services WebDAV Request Directory Security Bypass

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 05/18/2009
Created: 07/25/2018
Added: 05/21/2009
Modified: 11/26/2020

Description

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms and list folders or read, create, or modify files by placing a %c0%af sequence (an encoding of the Unicode / character) at an arbitrary position in the URI. For example, inserting %c0%af into a "/protected/" initial pathname component bypasses the password protection on the protected\ folder. The issue is also known as the "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability" and is a different vulnerability than CVE-2009-1122.
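As an added illustration (not part of the Rapid7 entry and not IIS code), the following Python contrasts an ACL check done on the raw, still-encoded URI with one done after strict decoding and path canonicalization, which is the mitigation pattern for this class of bug. `lenient_decode` is an assumed model of a decoder that tolerates overlong sequences, and the sample URIs are constructed.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

PROTECTED_PREFIX = "/protected/"
# A 2-byte UTF-8 sequence led by C0 or C1 is always overlong, hence never valid UTF-8.
OVERLONG_2BYTE = re.compile(rb"[\xc0\xc1][\x80-\xbf]")

def _norm(path: str) -> str:
    return posixpath.normpath("/" + path.lstrip("/"))  # collapse '//' and '..'

def naive_is_protected(raw_uri: str) -> bool:
    """ACL check on the raw, still-encoded URI: the pattern this bypass defeats."""
    return raw_uri.lower().startswith(PROTECTED_PREFIX)

def lenient_decode(raw: bytes) -> str:
    """Model (an assumption, not IIS code) of a permissive decoder that accepts
    overlong 2-byte forms, so C0 AF becomes '/'; other bytes pass through."""
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)

def resolves_to(raw_uri: str) -> str:
    """The path a file layer built on lenient_decode would actually open."""
    return _norm(lenient_decode(unquote_to_bytes(raw_uri)))

def canonicalize(raw_uri: str):
    """Percent-decode, reject overlong or otherwise invalid UTF-8, then normalize.
    Returns None for a malformed URI, which the caller should refuse outright."""
    raw = unquote_to_bytes(raw_uri)
    if OVERLONG_2BYTE.search(raw):
        return None
    try:
        return _norm(raw.decode("utf-8"))  # strict: rejects other bad sequences
    except UnicodeDecodeError:
        return None

def safe_is_protected(raw_uri: str) -> bool:
    """Authorize on the canonical path; anything undecodable counts as protected."""
    canon = canonicalize(raw_uri)
    return canon is None or canon.lower().startswith(PROTECTED_PREFIX)
```

The raw-string check and the lenient file layer disagree on where `/%c0%afprotected/secret.txt` points, which is the gap the advisory describes; canonicalizing first (and refusing overlong input) closes it.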

Solution(s)

  • WINDOWS-HOTFIX-MS09-020-bd0ec865-6d9a-4d2b-b1e7-0cee9db00b92
  • WINDOWS-HOTFIX-MS09-020-f05512bb-b905-44c9-9cd5-816b25cc2c3c
  • WINDOWS-HOTFIX-MS09-020-dbafc532-1703-4b88-8fb6-740d9d1fc87f
  • WINDOWS-HOTFIX-MS09-020-fa6938c9-6bd4-4b76-9fe4-b75e542cfef0
  • WINDOWS-HOTFIX-MS09-020-a84d4993-6fe4-4108-95b7-668dddb2dad9
  • WINDOWS-HOTFIX-MS09-020-359023ff-f937-4b22-9bc8-ff8eec7d4baf
  • fix-http-webdav-bypass-auth-unicode