Summary
The host is running Microsoft IIS Webserver with WebDAV Module and is prone to remote authentication bypass vulnerability.
Impact
Successful exploitation will let the attacker craft malicious UNICODE characters and send it over the context of IIS Webserver where WebDAV is enabled. As a result due to lack of security implementation check it will let the user fetch password protected directories without any valid authentications.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx
Insight
Due to the wrong implementation of UNICODE characters support (WebDAV extension) for Microsoft IIS Server which fails to decode the requested URL properly.
Unicode character checks are being done after IIS Server internal security check, which lets the attacker execute any crafted UNICODE character in the HTTP requests to get information on any password protected directories without any authentication schema.
Affected
Microsoft Internet Information Services version 5.0 to 6.0
Workaround:
Disable WebDAV or Upgrade to Microsoft IIS 7.0
http://www.microsoft.com/technet/security/advisory/971492.mspx
References
- http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
- http://downloads.securityfocus.com/vulnerabilities/exploits/34993.rb
- http://downloads.securityfocus.com/vulnerabilities/exploits/34993.txt
- http://view.samurajdata.se/psview.php?id=023287d6&page=2
- http://www.microsoft.com/technet/security/advisory/971492.mspx
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-1535 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities