Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-1122 | First vendor Publication | 2009-06-10 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1122 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-287 | Improper Authentication |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5861 | |||
| Oval ID: | oval:org.mitre.oval:def:5861 | ||
| Title: | IIS 5.0 WebDAV Authentication Bypass Vulnerability | ||
| Description: | The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1122 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Information Server 5.0 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-06-10 | Name : Microsoft IIS Security Bypass Vulnerability (970483) File : nvt/secpod_ms09-020.nasl |
| 2009-05-20 | Name : Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability File : nvt/secpod_ms_iis_webdav_auth_bypass_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 56474 | Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-06-11 | IAVM : 2009-B-0022 - Multiple vulnerabilities in Microsoft Internet Information Services (IIS) Severity : Category II - VMSKEY : V0019400 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow RuleID : 17527 - Revision : 11 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass RuleID : 17525 - Revision : 9 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-06-10 | Name : It is possible to bypass authentication on the remote web server. File : smb_nt_ms09-020.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:11:06 |
|
| 2024-11-28 12:18:38 |
|
| 2020-11-24 00:22:46 |
|
| 2020-11-23 21:23:13 |
|
| 2020-05-23 13:16:52 |
|
| 2020-05-23 00:23:34 |
|
| 2018-10-13 00:22:48 |
|
| 2017-09-29 09:24:08 |
|
| 2016-06-29 00:05:06 |
|
| 2016-04-26 18:43:52 |
|
| 2014-02-17 10:49:27 |
|
| 2014-01-19 21:25:48 |
|
| 2013-11-11 12:38:16 |
|
| 2013-05-10 23:47:47 |
|
