Description
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability."
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by Soroush Dalili · textremotewindows
https://www.exploit-db.com/exploits/14179
metasploit
WORKING POC
by Soroush Dalili, sinn3r · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/iis_auth_bypass.rb
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6942
Scores
EPSS
0.6678
EPSS Percentile
98.6%
Details
CWE
CWE-287
Status
published
Published
Sep 15, 2010
Tracked Since
Feb 18, 2026