PT-2009-3687 · Microsoft · Internet Information Services+2

Yamata Li

Published

2009-06-10

Updated

2020-11-23

CVE-2009-1122

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4

Description The issue concerns the WebDAV extension in Microsoft Internet Information Services (IIS) 5.0, which fails to properly decode URLs. This allows remote attackers to bypass authentication and potentially read or create files by sending a crafted HTTP request.

Recommendations For Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4, consider disabling the WebDAV extension as a temporary workaround until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2009-1122

Affected Products

Internet Information Services

Webdav

Windows 2000

PT-2009-3687 · Microsoft · Internet Information Services+2

CVE-2009-1122

Weakness Enumeration

Related Identifiers

Affected Products

References · 16