CVE-2009-1535

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) versions 5.1 through 6.0

Description: The issue allows remote attackers to bypass protection mechanisms and access or modify files. This can be achieved by inserting a specific Unicode character at an arbitrary position in the URI. For example, inserting %c0%af into a /protected/ initial pathname component can bypass password protection on the protected folder.

Recommendations: For Microsoft Internet Information Services (IIS) versions 5.1 through 6.0, consider disabling the WebDAV extension until a patch is available to prevent bypassing of URI-based protection mechanisms. Restrict access to sensitive folders and files to minimize the risk of exploitation. Avoid using the WebDAV extension for sensitive operations until the issue is resolved.