PT-2009-3687 · Microsoft · Internet Information Services+2

Yamata Li

·

Publicado

2009-06-10

·

Atualizado

2020-11-23

·

CVE-2009-1122

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4
Description The issue concerns the WebDAV extension in Microsoft Internet Information Services (IIS) 5.0, which fails to properly decode URLs. This allows remote attackers to bypass authentication and potentially read or create files by sending a crafted HTTP request.
Recommendations For Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4, consider disabling the WebDAV extension as a temporary workaround until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2009-1122

Produtos afetados

Internet Information Services
Webdav
Windows 2000