CVE-2009-1122

Microsoft Internet Information Services - Authentication Bypass

Title source: rule

Description

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ka0x · perlremotewindows

https://www.exploit-db.com/exploits/8806

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022358

Patch, Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35232

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1539

Third Party Advisory mailing-list x_refsource_vim

http://www.attrition.org/pipermail/vim/2009-June/002192.html

Scores

EPSS 0.9234

EPSS Percentile 99.7%

Details

CWE

CWE-287

Status published

Products (1)

microsoft/internet_information_services 5.0

Published Jun 10, 2009

Tracked Since Feb 18, 2026