cvelistv5 - CVE-2009-1535

CVE-2009-1535 (GCVE-0-2009-1535)

Vulnerability from cvelistv5 – Published: 2009-06-10 14:00 – Updated: 2024-08-07 05:13

Summary

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://view.samurajdata.se/psview.php?id=023287d6…	x_refsource_MISC
	http://isc.sans.org/diary.html?n&storyid=6397	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://blog.zoller.lu/2009/05/iis-6-webdac-auth-b…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	third-party-advisoryx_refsource_CERT
	http://archives.neohapsis.com/archives/fulldisclo…	x_refsource_MISC
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.attrition.org/pipermail/vim/2009-June/…	mailing-listx_refsource_VIM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:13:25.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6029",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
          },
          {
            "name": "MS09-020",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
          },
          {
            "name": "20090515 IIS6 + webdav and unicode rides again in 2009",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
          },
          {
            "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
          },
          {
            "name": "TA09-160A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
          },
          {
            "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
          },
          {
            "name": "20090616 IIS WebDav Vulnerability CVE ID",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6029",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
        },
        {
          "name": "MS09-020",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
        },
        {
          "name": "20090515 IIS6 + webdav and unicode rides again in 2009",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
        },
        {
          "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
        },
        {
          "name": "TA09-160A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
        },
        {
          "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
        },
        {
          "name": "20090616 IIS WebDav Vulnerability CVE ID",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6029",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
            },
            {
              "name": "MS09-020",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
            },
            {
              "name": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1",
              "refsource": "MISC",
              "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
            },
            {
              "name": "http://isc.sans.org/diary.html?n\u0026storyid=6397",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
            },
            {
              "name": "20090515 IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
            },
            {
              "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
            },
            {
              "name": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html",
              "refsource": "MISC",
              "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf",
              "refsource": "MISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
            },
            {
              "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
            },
            {
              "name": "20090616 IIS WebDav Vulnerability CVE ID",
              "refsource": "VIM",
              "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-1535",
    "datePublished": "2009-06-10T14:00:00",
    "dateReserved": "2009-05-05T00:00:00",
    "dateUpdated": "2024-08-07T05:13:25.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25100F8C-58A0-49D5-8247-8CCD099A734B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*\", \"matchCriteriaId\": \"C5D2C681-EB06-4B72-BD34-47AEE35CC227\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*\", \"matchCriteriaId\": \"81E8A3CB-9110-4D65-BCAE-261FF7135544\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*\", \"matchCriteriaId\": \"9F98AE07-3995-4501-9804-FEA5A87ADFAD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\", \"matchCriteriaId\": \"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\", \"matchCriteriaId\": \"C6109348-BC79-4ED3-8D41-EA546A540C79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \\\"/protected/\\\" initial pathname component to bypass the password protection on the protected\\\\ folder, aka \\\"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\\\" a different vulnerability than CVE-2009-1122.\"}, {\"lang\": \"es\", \"value\": \"La extensi\\u00f3n de WebDAV en Microsoft Internet Information Services (IIS) v5.1 y v6.0 permite a atacantes remotos eludir los mecanismos de protecci\\u00f3n basados en URL, y listar carpetas o leer, crear o modificar archivos, a trav\\u00e9s de un %c0%af (Unicode / car\\u00e1cter) en una posici\\u00f3n arbitraria en la URL, como se ha demostrado mediante la inserci\\u00f3n de %c0%af en la ruta inicial de componente \\\"/protected/\\\" para evitar la protecci\\u00f3n por contrase\\u00f1a en la carpeta protected\\\\ , alias \\\"IIS v5.1 y v6.0 Vulnerabilidad de evasi\\u00f3n de autenticaci\\u00f3n WebDAV\\\".\"}]",
      "id": "CVE-2009-1535",
      "lastModified": "2024-11-21T01:02:42.803",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-06-10T14:30:00.170",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://isc.sans.org/diary.html?n\u0026storyid=6397\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2009-June/002192.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://isc.sans.org/diary.html?n\u0026storyid=6397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.attrition.org/pipermail/vim/2009-June/002192.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1535\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-06-10T14:30:00.170\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \\\"/protected/\\\" initial pathname component to bypass the password protection on the protected\\\\ folder, aka \\\"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\\\" a different vulnerability than CVE-2009-1122.\"},{\"lang\":\"es\",\"value\":\"La extensi\u00f3n de WebDAV en Microsoft Internet Information Services (IIS) v5.1 y v6.0 permite a atacantes remotos eludir los mecanismos de protecci\u00f3n basados en URL, y listar carpetas o leer, crear o modificar archivos, a trav\u00e9s de un %c0%af (Unicode / car\u00e1cter) en una posici\u00f3n arbitraria en la URL, como se ha demostrado mediante la inserci\u00f3n de %c0%af en la ruta inicial de componente \\\"/protected/\\\" para evitar la protecci\u00f3n por contrase\u00f1a en la carpeta protected\\\\ , alias \\\"IIS v5.1 y v6.0 Vulnerabilidad de evasi\u00f3n de autenticaci\u00f3n WebDAV\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25100F8C-58A0-49D5-8247-8CCD099A734B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*\",\"matchCriteriaId\":\"C5D2C681-EB06-4B72-BD34-47AEE35CC227\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*\",\"matchCriteriaId\":\"81E8A3CB-9110-4D65-BCAE-261FF7135544\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*\",\"matchCriteriaId\":\"9F98AE07-3995-4501-9804-FEA5A87ADFAD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"A7371547-290D-4D0D-B98D-CA28B4D2E8B0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*\",\"matchCriteriaId\":\"C6109348-BC79-4ED3-8D41-EA546A540C79\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://isc.sans.org/diary.html?n\u0026storyid=6397\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2009-June/002192.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://isc.sans.org/diary.html?n\u0026storyid=6397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.attrition.org/pipermail/vim/2009-June/002192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-160A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTA-2009-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités ont été identifiées dans le serveur Web Microsoft Internet Information Services utilisé avec WebDAV. L'une d'elle a fait l'objet de l'alerte CERTA-2009-ALE-007.

L'exploitation par le biais de requêtes spécialement construites permet à une personne distante d'élever ses privilèges et de contourner des phases d'authentification mises en place.

Description

Des vulnérabilités ont été identifiées dans le serveur Web Microsoft Internet Information Services utilisé avec WebDAV. L'une d'elle a fait l'objet de l'alerte CERTA-2009-ALE-007.

L'exploitation par le biais de requêtes spécialement construites permet à une personne distante d'élever ses privilèges et de contourner des phases d'authe ntification mises en place.

Solution

Se référer au bulletin de sécurité Microsoft MS09-020 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Information Services 5.1 ;
Microsoft	N/A	Microsoft Internet Information Services 6.0.
Microsoft	N/A	Microsoft Internet Information Services 5.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-020 du 09 juin 2009	None	vendor-advisory
Alerte CERTA-2009-ALE-007 du 18 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Information Services 5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services 6.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le serveur Web Microsoft\nInternet Information Services utilis\u00e9 avec WebDAV. L\u0027une d\u0027elle a fait\nl\u0027objet de l\u0027alerte CERTA-2009-ALE-007.\n\nL\u0027exploitation par le biais de requ\u00eates sp\u00e9cialement construites permet\n\u00e0 une personne distante d\u0027\u00e9lever ses privil\u00e8ges et de contourner des\nphases d\u0027authe ntification mises en place.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1122"
    },
    {
      "name": "CVE-2009-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1676"
    },
    {
      "name": "CVE-2009-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1535"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2009-ALE-007 du 18 mai 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-007/"
    }
  ],
  "reference": "CERTA-2009-AVI-215",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le serveur Web Microsoft\nInternet Information Services utilis\u00e9 avec WebDAV. L\u0027une d\u0027elle a fait\nl\u0027objet de l\u0027alerte CERTA-2009-ALE-007.\n\nL\u0027exploitation par le biais de requ\u00eates sp\u00e9cialement construites permet\n\u00e0 une personne distante d\u0027\u00e9lever ses privil\u00e8ges et de contourner des\nphases d\u0027authentification mises en place.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Internet Information Services (IIS)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 du 09 juin 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx"
    }
  ]
}

CERTA-2009-AVI-215

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités ont été identifiées dans le serveur Web Microsoft Internet Information Services utilisé avec WebDAV. L'une d'elle a fait l'objet de l'alerte CERTA-2009-ALE-007.

L'exploitation par le biais de requêtes spécialement construites permet à une personne distante d'élever ses privilèges et de contourner des phases d'authentification mises en place.

Description

Des vulnérabilités ont été identifiées dans le serveur Web Microsoft Internet Information Services utilisé avec WebDAV. L'une d'elle a fait l'objet de l'alerte CERTA-2009-ALE-007.

L'exploitation par le biais de requêtes spécialement construites permet à une personne distante d'élever ses privilèges et de contourner des phases d'authe ntification mises en place.

Solution

Se référer au bulletin de sécurité Microsoft MS09-020 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Information Services 5.1 ;
Microsoft	N/A	Microsoft Internet Information Services 6.0.
Microsoft	N/A	Microsoft Internet Information Services 5.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS09-020 du 09 juin 2009	None	vendor-advisory
Alerte CERTA-2009-ALE-007 du 18 mai 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Information Services 5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services 6.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Information Services 5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le serveur Web Microsoft\nInternet Information Services utilis\u00e9 avec WebDAV. L\u0027une d\u0027elle a fait\nl\u0027objet de l\u0027alerte CERTA-2009-ALE-007.\n\nL\u0027exploitation par le biais de requ\u00eates sp\u00e9cialement construites permet\n\u00e0 une personne distante d\u0027\u00e9lever ses privil\u00e8ges et de contourner des\nphases d\u0027authe ntification mises en place.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 pour l\u0027obtention\ndes correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1122"
    },
    {
      "name": "CVE-2009-1676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1676"
    },
    {
      "name": "CVE-2009-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1535"
    }
  ],
  "links": [
    {
      "title": "Alerte CERTA-2009-ALE-007 du 18 mai 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ALE-007/"
    }
  ],
  "reference": "CERTA-2009-AVI-215",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le serveur Web Microsoft\nInternet Information Services utilis\u00e9 avec WebDAV. L\u0027une d\u0027elle a fait\nl\u0027objet de l\u0027alerte CERTA-2009-ALE-007.\n\nL\u0027exploitation par le biais de requ\u00eates sp\u00e9cialement construites permet\n\u00e0 une personne distante d\u0027\u00e9lever ses privil\u00e8ges et de contourner des\nphases d\u0027authentification mises en place.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Internet Information Services (IIS)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 du 09 juin 2009",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx"
    }
  ]
}

GHSA-F2C7-QMX6-WQ66

Vulnerability from github – Published: 2022-05-02 03:26 – Updated: 2022-05-02 03:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-06-10T14:30:00Z",
    "severity": "HIGH"
  },
  "details": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122.",
  "id": "GHSA-f2c7-qmx6-wq66",
  "modified": "2022-05-02T03:26:06Z",
  "published": "2022-05-02T03:26:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1535"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
    },
    {
      "type": "WEB",
      "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
    },
    {
      "type": "WEB",
      "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
    },
    {
      "type": "WEB",
      "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-ALE-007

Vulnerability from certfr_alerte - Published: - Updated:

Une vulnérabilité a été identifiée dans Microsoft IIS avec la fonctionnalité WebDAV. Elle permet à une personne malveillante distante de contourner la phase d'authentification et ainsi accéder (lire, charger et télécharger) à des fichiers arbitraires.

Description

Une vulnérabilité a été identifiée dans la gestion des en-têtes HTTP par le serveur Microsoft IIS avec la fonctionnalité WebDAV (Web-based Distributed Authoring and Versioning). Elle consiste en une mauvaise manipulation de caractères Unicode et peut être exploitée pour contourner la phase d'authentification et ainsi accéder (lire, charger et télécharger) à des fichiers arbitraires.

Du code d'exploitation est disponible sur l'Internet.

Contournement provisoire

Plusieurs contournements sont envisageables dans l'attente d'un correctif :

si WebDAV n'est pas nécessaire, il doit être désactivé. C'est le cas par défaut sous IIS 6 ;
restreindre l'accès Web aux machines de confiance ;
filtrer les requêtes HTTP entrantes dont l'URL contient la chaîne %c0%af et l'en-tête HTTP présente l'information Translate: f. L'assistant IIS Lockdown et URLscan peuvent aider dans cette démarche, ainsi qu'une passerelle intermédiaire. Les méthodes inutiles doivent également être filtrées (PROPFIND par exemple). ;
changer les droits d'accès (ACL) du système de fichiers pour l'utilisateur anonyme IUSR_[Nom-de-la-machine] ;
migrer sous IIS 7 qui n'est pas, avec WebDAV, touché par cette vulnérabilité.

Solution

Se référer au bulletin de sécurité Microsoft MS09-020 pour l'obtention des correctifs (cf. section Documentation). Le CERTA a publié l'avis CERTA-2009-AVI-215 à ce sujet.

Microsoft Internet Information Services (IIS), pour les versions 5, 5.1 ou 6.0.

Microsoft Internet Information Services (IIS) 7.0 n'est pas affecté.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Forum IIS, "Disable WebDAV protocol on IIS 6.0", mai 2008 :	-	other
Référence CVE CVE-2009-1535 :	-	other
Page d'accueil Microsoft IIS :	-	other
Microsoft IIS Lockdown Tool :	-	other
Microsoft IIS Lockdown Tool :	-	other
Forum IIS, "Disable WebDAV protocol on IIS 6.0", mai 2008 :	-	other
Avis du CERTA CERTA-2001-AVI-053 du 15 mai 2001 :	-	other
Bloc-notes de T. Zoller, "IIS6 + WebDAV auth bypass and data upload", 16 mai 2009 :	-	other
Source d'informations sur WebDAV :	-	other
Avis de sécurité Microsoft 971492 du 18 mai 2009 :	-	other
Bloc-notes Microsoft SRD, "More information about the IIS authentication bypass", 18 mai 2009 :	-	other
Avis CERTA-2009-AVI-215 du 10 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Internet Information Services (IIS), pour les    versions 5, 5.1 ou 6.0.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eMicrosoft Internet Information Services (IIS) 7.0 n\u0027est pas  affect\u00e9.\u003c/P\u003e",
  "closed_at": "2009-06-10",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la gestion des en-t\u00eates HTTP par\nle serveur Microsoft IIS avec la fonctionnalit\u00e9 WebDAV (Web-based\nDistributed Authoring and Versioning). Elle consiste en une mauvaise\nmanipulation de caract\u00e8res Unicode et peut \u00eatre exploit\u00e9e pour\ncontourner la phase d\u0027authentification et ainsi acc\u00e9der (lire, charger\net t\u00e9l\u00e9charger) \u00e0 des fichiers arbitraires.\n\nDu code d\u0027exploitation est disponible sur l\u0027Internet.\n\n## Contournement provisoire\n\nPlusieurs contournements sont envisageables dans l\u0027attente d\u0027un\ncorrectif\u00a0:\n\n-   si WebDAV n\u0027est pas n\u00e9cessaire, il doit \u00eatre d\u00e9sactiv\u00e9. C\u0027est le cas\n    par d\u00e9faut sous IIS 6\u00a0;\n-   restreindre l\u0027acc\u00e8s Web aux machines de confiance\u00a0;\n-   filtrer les requ\u00eates HTTP entrantes dont l\u0027URL contient la cha\u00eene\n    %c0%af et l\u0027en-t\u00eate HTTP pr\u00e9sente l\u0027information Translate: f.\n    L\u0027assistant IIS Lockdown et URLscan peuvent aider dans cette\n    d\u00e9marche, ainsi qu\u0027une passerelle interm\u00e9diaire. Les m\u00e9thodes\n    inutiles doivent \u00e9galement \u00eatre filtr\u00e9es (PROPFIND par exemple).\u00a0;\n-   changer les droits d\u0027acc\u00e8s (ACL) du syst\u00e8me de fichiers pour\n    l\u0027utilisateur anonyme IUSR\\_\\[Nom-de-la-machine\\]\u00a0;\n-   migrer sous IIS 7 qui n\u0027est pas, avec WebDAV, touch\u00e9 par cette\n    vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 pour l\u0027obtention\ndes correctifs (cf. section Documentation). Le CERTA a publi\u00e9 l\u0027avis\nCERTA-2009-AVI-215 \u00e0 ce sujet.\n",
  "cves": [
    {
      "name": "CVE-2009-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1535"
    }
  ],
  "links": [
    {
      "title": "Forum IIS, \"Disable WebDAV protocol on IIS 6.0\", mai    2008\u00a0:",
      "url": "http://support.microsoft.com/kb/241520"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-1535\u00a0:",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535"
    },
    {
      "title": "Page d\u0027accueil Microsoft IIS\u00a0:",
      "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
    },
    {
      "title": "Microsoft IIS Lockdown Tool\u00a0:",
      "url": "http://technet.microsoft.com/en-us/library/dd450372.aspx"
    },
    {
      "title": "Microsoft IIS Lockdown Tool\u00a0:",
      "url": "http://support.microsoft.com/kb/325864/fr"
    },
    {
      "title": "Forum IIS, \"Disable WebDAV protocol on IIS 6.0\", mai    2008\u00a0:",
      "url": "http://forums.iis.net/t/1149348.aspx"
    },
    {
      "title": "Avis du CERTA CERTA-2001-AVI-053 du 15 mai 2001\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2001-AVI-053/"
    },
    {
      "title": "Bloc-notes de T. Zoller, \"IIS6 + WebDAV auth bypass and    data upload\", 16 mai 2009\u00a0:",
      "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
    },
    {
      "title": "Source d\u0027informations sur WebDAV\u00a0:",
      "url": "http://www.webdav.org"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 971492 du 18 mai 2009\u00a0:",
      "url": "http://www.microsoft.com/technet/security/advisory/971492.mspx"
    },
    {
      "title": "Bloc-notes Microsoft SRD, \"More information about the IIS    authentication bypass\", 18 mai 2009\u00a0:",
      "url": "http://blogs.technet.com/srd/archive/2009/05/18/more-information-about-the-iis-authentication-bypass.aspx"
    },
    {
      "title": "Avis CERTA-2009-AVI-215 du 10 juin 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-215/"
    }
  ],
  "reference": "CERTA-2009-ALE-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-18T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence \u00e0 l\u0027avis de s\u00e9curit\u00e9 Microsoft associ\u00e9.",
      "revision_date": "2009-05-19T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft IIS avec la\nfonctionnalit\u00e9 WebDAV. Elle permet \u00e0 une personne malveillante distante\nde contourner la phase d\u0027authentification et ainsi acc\u00e9der (lire,\ncharger et t\u00e9l\u00e9charger) \u00e0 des fichiers arbitraires.\n",
  "title": "Vuln\u00e9rabilit\u00e9 WebDAV sous Microsoft IIS",
  "vendor_advisories": []
}

CERTA-2009-ALE-007

Vulnerability from certfr_alerte - Published: - Updated:

Description

Du code d'exploitation est disponible sur l'Internet.

Contournement provisoire

Plusieurs contournements sont envisageables dans l'attente d'un correctif :

si WebDAV n'est pas nécessaire, il doit être désactivé. C'est le cas par défaut sous IIS 6 ;
restreindre l'accès Web aux machines de confiance ;
filtrer les requêtes HTTP entrantes dont l'URL contient la chaîne %c0%af et l'en-tête HTTP présente l'information Translate: f. L'assistant IIS Lockdown et URLscan peuvent aider dans cette démarche, ainsi qu'une passerelle intermédiaire. Les méthodes inutiles doivent également être filtrées (PROPFIND par exemple). ;
changer les droits d'accès (ACL) du système de fichiers pour l'utilisateur anonyme IUSR_[Nom-de-la-machine] ;
migrer sous IIS 7 qui n'est pas, avec WebDAV, touché par cette vulnérabilité.

Solution

Se référer au bulletin de sécurité Microsoft MS09-020 pour l'obtention des correctifs (cf. section Documentation). Le CERTA a publié l'avis CERTA-2009-AVI-215 à ce sujet.

Microsoft Internet Information Services (IIS), pour les versions 5, 5.1 ou 6.0.

Microsoft Internet Information Services (IIS) 7.0 n'est pas affecté.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Forum IIS, "Disable WebDAV protocol on IIS 6.0", mai 2008 :	-	other
Référence CVE CVE-2009-1535 :	-	other
Page d'accueil Microsoft IIS :	-	other
Microsoft IIS Lockdown Tool :	-	other
Microsoft IIS Lockdown Tool :	-	other
Forum IIS, "Disable WebDAV protocol on IIS 6.0", mai 2008 :	-	other
Avis du CERTA CERTA-2001-AVI-053 du 15 mai 2001 :	-	other
Bloc-notes de T. Zoller, "IIS6 + WebDAV auth bypass and data upload", 16 mai 2009 :	-	other
Source d'informations sur WebDAV :	-	other
Avis de sécurité Microsoft 971492 du 18 mai 2009 :	-	other
Bloc-notes Microsoft SRD, "More information about the IIS authentication bypass", 18 mai 2009 :	-	other
Avis CERTA-2009-AVI-215 du 10 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Internet Information Services (IIS), pour les    versions 5, 5.1 ou 6.0.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eMicrosoft Internet Information Services (IIS) 7.0 n\u0027est pas  affect\u00e9.\u003c/P\u003e",
  "closed_at": "2009-06-10",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la gestion des en-t\u00eates HTTP par\nle serveur Microsoft IIS avec la fonctionnalit\u00e9 WebDAV (Web-based\nDistributed Authoring and Versioning). Elle consiste en une mauvaise\nmanipulation de caract\u00e8res Unicode et peut \u00eatre exploit\u00e9e pour\ncontourner la phase d\u0027authentification et ainsi acc\u00e9der (lire, charger\net t\u00e9l\u00e9charger) \u00e0 des fichiers arbitraires.\n\nDu code d\u0027exploitation est disponible sur l\u0027Internet.\n\n## Contournement provisoire\n\nPlusieurs contournements sont envisageables dans l\u0027attente d\u0027un\ncorrectif\u00a0:\n\n-   si WebDAV n\u0027est pas n\u00e9cessaire, il doit \u00eatre d\u00e9sactiv\u00e9. C\u0027est le cas\n    par d\u00e9faut sous IIS 6\u00a0;\n-   restreindre l\u0027acc\u00e8s Web aux machines de confiance\u00a0;\n-   filtrer les requ\u00eates HTTP entrantes dont l\u0027URL contient la cha\u00eene\n    %c0%af et l\u0027en-t\u00eate HTTP pr\u00e9sente l\u0027information Translate: f.\n    L\u0027assistant IIS Lockdown et URLscan peuvent aider dans cette\n    d\u00e9marche, ainsi qu\u0027une passerelle interm\u00e9diaire. Les m\u00e9thodes\n    inutiles doivent \u00e9galement \u00eatre filtr\u00e9es (PROPFIND par exemple).\u00a0;\n-   changer les droits d\u0027acc\u00e8s (ACL) du syst\u00e8me de fichiers pour\n    l\u0027utilisateur anonyme IUSR\\_\\[Nom-de-la-machine\\]\u00a0;\n-   migrer sous IIS 7 qui n\u0027est pas, avec WebDAV, touch\u00e9 par cette\n    vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020 pour l\u0027obtention\ndes correctifs (cf. section Documentation). Le CERTA a publi\u00e9 l\u0027avis\nCERTA-2009-AVI-215 \u00e0 ce sujet.\n",
  "cves": [
    {
      "name": "CVE-2009-1535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1535"
    }
  ],
  "links": [
    {
      "title": "Forum IIS, \"Disable WebDAV protocol on IIS 6.0\", mai    2008\u00a0:",
      "url": "http://support.microsoft.com/kb/241520"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-1535\u00a0:",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1535"
    },
    {
      "title": "Page d\u0027accueil Microsoft IIS\u00a0:",
      "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
    },
    {
      "title": "Microsoft IIS Lockdown Tool\u00a0:",
      "url": "http://technet.microsoft.com/en-us/library/dd450372.aspx"
    },
    {
      "title": "Microsoft IIS Lockdown Tool\u00a0:",
      "url": "http://support.microsoft.com/kb/325864/fr"
    },
    {
      "title": "Forum IIS, \"Disable WebDAV protocol on IIS 6.0\", mai    2008\u00a0:",
      "url": "http://forums.iis.net/t/1149348.aspx"
    },
    {
      "title": "Avis du CERTA CERTA-2001-AVI-053 du 15 mai 2001\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2001-AVI-053/"
    },
    {
      "title": "Bloc-notes de T. Zoller, \"IIS6 + WebDAV auth bypass and    data upload\", 16 mai 2009\u00a0:",
      "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
    },
    {
      "title": "Source d\u0027informations sur WebDAV\u00a0:",
      "url": "http://www.webdav.org"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 971492 du 18 mai 2009\u00a0:",
      "url": "http://www.microsoft.com/technet/security/advisory/971492.mspx"
    },
    {
      "title": "Bloc-notes Microsoft SRD, \"More information about the IIS    authentication bypass\", 18 mai 2009\u00a0:",
      "url": "http://blogs.technet.com/srd/archive/2009/05/18/more-information-about-the-iis-authentication-bypass.aspx"
    },
    {
      "title": "Avis CERTA-2009-AVI-215 du 10 juin 2009\u00a0:",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-215/"
    }
  ],
  "reference": "CERTA-2009-ALE-007",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-05-18T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence \u00e0 l\u0027avis de s\u00e9curit\u00e9 Microsoft associ\u00e9.",
      "revision_date": "2009-05-19T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Microsoft MS09-020.",
      "revision_date": "2009-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft IIS avec la\nfonctionnalit\u00e9 WebDAV. Elle permet \u00e0 une personne malveillante distante\nde contourner la phase d\u0027authentification et ainsi acc\u00e9der (lire,\ncharger et t\u00e9l\u00e9charger) \u00e0 des fichiers arbitraires.\n",
  "title": "Vuln\u00e9rabilit\u00e9 WebDAV sous Microsoft IIS",
  "vendor_advisories": []
}

GSD-2009-1535

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1535

Aliases

CVE-2009-1535

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1535",
    "description": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122.",
    "id": "GSD-2009-1535"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1535"
      ],
      "details": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122.",
      "id": "GSD-2009-1535",
      "modified": "2023-12-13T01:19:47.936151Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-1535",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:6029",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
          },
          {
            "name": "MS09-020",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
          },
          {
            "name": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1",
            "refsource": "MISC",
            "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
          },
          {
            "name": "http://isc.sans.org/diary.html?n\u0026storyid=6397",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
          },
          {
            "name": "20090515 IIS6 + webdav and unicode rides again in 2009",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
          },
          {
            "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
          },
          {
            "name": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html",
            "refsource": "MISC",
            "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
          },
          {
            "name": "TA09-160A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
          },
          {
            "name": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf",
            "refsource": "MISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
          },
          {
            "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
          },
          {
            "name": "20090616 IIS WebDav Vulnerability CVE ID",
            "refsource": "VIM",
            "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-1535"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
            },
            {
              "name": "http://isc.sans.org/diary.html?n\u0026storyid=6397",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
            },
            {
              "name": "20090515 IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
            },
            {
              "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
            },
            {
              "name": "20090515 Re: IIS6 + webdav and unicode rides again in 2009",
              "refsource": "FULLDISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
            },
            {
              "name": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
            },
            {
              "name": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
            },
            {
              "name": "20090616 IIS WebDav Vulnerability CVE ID",
              "refsource": "VIM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
            },
            {
              "name": "TA09-160A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6029",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
            },
            {
              "name": "MS09-020",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-23T20:01Z",
      "publishedDate": "2009-06-10T14:30Z"
    }
  }
}

FKIE_CVE-2009-1535

Vulnerability from fkie_nvd - Published: 2009-06-10 14:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html	Broken Link
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html	Broken Link
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html	Broken Link
secure@microsoft.com	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf	Broken Link
secure@microsoft.com	http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html	Third Party Advisory
secure@microsoft.com	http://isc.sans.org/diary.html?n&storyid=6397	Third Party Advisory
secure@microsoft.com	http://view.samurajdata.se/psview.php?id=023287d6&page=1	Broken Link
secure@microsoft.com	http://www.attrition.org/pipermail/vim/2009-June/002192.html	Third Party Advisory
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.html?n&storyid=6397	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://view.samurajdata.se/psview.php?id=023287d6&page=1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.attrition.org/pipermail/vim/2009-June/002192.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-160A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	internet_information_services	5.1
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	internet_information_services	6.0
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25100F8C-58A0-49D5-8247-8CCD099A734B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*",
              "matchCriteriaId": "C5D2C681-EB06-4B72-BD34-47AEE35CC227",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:professional:*:-:*",
              "matchCriteriaId": "81E8A3CB-9110-4D65-BCAE-261FF7135544",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*",
              "matchCriteriaId": "9F98AE07-3995-4501-9804-FEA5A87ADFAD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "A7371547-290D-4D0D-B98D-CA28B4D2E8B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*",
              "matchCriteriaId": "C6109348-BC79-4ED3-8D41-EA546A540C79",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a \"/protected/\" initial pathname component to bypass the password protection on the protected\\ folder, aka \"IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability,\" a different vulnerability than CVE-2009-1122."
    },
    {
      "lang": "es",
      "value": "La extensi\u00f3n de WebDAV en Microsoft Internet Information Services (IIS) v5.1 y v6.0 permite a atacantes remotos eludir los mecanismos de protecci\u00f3n basados en URL, y listar carpetas o leer, crear o modificar archivos, a trav\u00e9s de un %c0%af (Unicode / car\u00e1cter) en una posici\u00f3n arbitraria en la URL, como se ha demostrado mediante la inserci\u00f3n de %c0%af en la ruta inicial de componente \"/protected/\" para evitar la protecci\u00f3n por contrase\u00f1a en la carpeta protected\\ , alias \"IIS v5.1 y v6.0 Vulnerabilidad de evasi\u00f3n de autenticaci\u00f3n WebDAV\"."
    }
  ],
  "id": "CVE-2009-1535",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-10T14:30:00.170",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.html?n\u0026storyid=6397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://view.samurajdata.se/psview.php?id=023287d6\u0026page=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.attrition.org/pipermail/vim/2009-June/002192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1535 (GCVE-0-2009-1535)

CERTA-2009-AVI-215

Description

Solution

CERTA-2009-AVI-215

Description

Solution

GHSA-F2C7-QMX6-WQ66

CERTA-2009-ALE-007

Description

Contournement provisoire

Solution

CERTA-2009-ALE-007

Description

Contournement provisoire

Solution

GSD-2009-1535

FKIE_CVE-2009-1535

Tags

Sightings

Nomenclature