Executive Summary
Summary | |
---|---|
Title | Microsoft IIS WebDAV Remote Authentication Bypass |
Informations | |||
---|---|---|---|
Name | VU#787932 | First vendor Publication | 2009-05-19 |
Vendor | VU-CERT | Last vendor Modification | 2009-05-20 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#787932Microsoft IIS WebDAV Remote Authentication BypassOverviewA vulnerability exists in the way Microsoft Internet Information Server (IIS) handles unicode tokens that may allow authentication bypass.I. DescriptionWeb-based Distributed Authoring and Versioning (WebDAV) is a set of HTTP extensions that allow collaborative management and editing of files collected on remote servers. The way that Microsoft IIS's implementation of WebDAV handles unicode tokens may allow authentication bypass. According to Nikolaos Rangos:The specific flaw exists within the WebDAV functionality of IIS 6.0. The Web Server fails to properly handle unicode tokens when parsing the URI and sending back data.
References
This vulnerability was publicly disclosed by Nikolaos Rangos. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/787932 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6029 | |||
Oval ID: | oval:org.mitre.oval:def:6029 | ||
Title: | IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability | ||
Description: | The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1535 | Version: | 1 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Information Server 5.1 Microsoft Internet Information Server 6.0 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-10 | Name : Microsoft IIS Security Bypass Vulnerability (970483) File : nvt/secpod_ms09-020.nasl |
2009-05-20 | Name : Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability File : nvt/secpod_ms_iis_webdav_auth_bypass_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54555 | Microsoft IIS WebDAV Unicode URI Request Authentication Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2019-01-15 | (http_inspect)unicodemapcodepointencodinginURI RuleID : 7 - Revision : 2 - Type : |
2014-01-10 | WebDAV Request Directory Security Bypass attempt RuleID : 17564 - Revision : 7 - Type : SERVER-IIS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-10 | Name : It is possible to bypass authentication on the remote web server. File : smb_nt_ms09-020.nasl - Type : ACT_GATHER_INFO |
2009-05-18 | Name : It is possible to access protected resources through WebDAV. File : webdav_iis6_flaw.nasl - Type : ACT_ATTACK |