Информационная безопасность
[RU] switch to English


Обход аутентификации WebDAV в Microsoft IIS
Опубликовано:9 июня 2009 г.
Источник:
SecurityVulns ID:9977
Тип:удаленная
Уровень опасности:
6/10
Описание:Возможен анонимный доступ к ресурсам, требующим аутентифкацию.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.)
 CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.)
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) (09.06.2009)
Файлы:Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород