Description

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.

Remediation

References

CVE-2009-1535

Related Vulnerabilities

WordPress Plugin Ajax Store Locator SQL Injection (1.2.0)

MySQL CVE-2021-35618 Vulnerability (CVE-2021-35618)

Microsoft SQL Server CVE-2023-32025 Vulnerability (CVE-2023-32025)

WordPress Plugin myLinksDump 'url' Parameter SQL Injection (1.2)

WordPress Plugin AllWebMenus WordPress Menu 'abspath' Parameter Remote File Include (1.1.3)

Severity

High

Classification

CVE-2009-1535 CWE-287

Tags

Missing Update Known Vulnerabilities