Vulnerability Description
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Services | 5.0 |
| Microsoft | Windows 2000 | - |
Related Weaknesses (CWE)
References
- http://www.attrition.org/pipermail/vim/2009-June/002192.htmlThird Party Advisory
- http://www.securityfocus.com/bid/35232Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022358Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2009/1539Third Party Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
- http://www.attrition.org/pipermail/vim/2009-June/002192.htmlThird Party Advisory
- http://www.securityfocus.com/bid/35232Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022358Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2009/1539Third Party Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-02PatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
FAQ
What is CVE-2009-1122?
CVE-2009-1122 is a vulnerability with a CVSS score of 7.5 (HIGH). The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read o...
How severe is CVE-2009-1122?
CVE-2009-1122 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1122?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services, Microsoft Windows 2000.