Vulnerability Details : CVE-2009-1535
Public exploit exists!
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2009-1535
- cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*
  When used together with: Microsoft » Windows XP » Version: N/A Update SP2 Professional Edition For X64
Exploit prediction scoring system (EPSS) score for CVE-2009-1535
- EPSS score: 95.55% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or below this one)
Metasploit modules for CVE-2009-1535
- MS09-020 IIS6 WebDAV Unicode Auth Bypass Directory Scanner
  First seen: 2020-04-26
  auxiliary/scanner/http/dir_webdav_unicode_bypass
  This module is based on et's HTTP Directory Scanner module, with one exception. Where authentication is required, it attempts to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable
- MS09-020 IIS6 WebDAV Unicode Authentication Bypass
  First seen: 2020-04-26
  auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
  This module attempts to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable where WebDAV is enabled on the IIS6 server, and any protected folder requires either Basic, Digest or NTLM
CVSS scores for CVE-2009-1535
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2009-1535
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1535
- http://view.samurajdata.se/psview.php?id=023287d6&page=1 (Broken Link)
- http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html (Broken Link)
- http://isc.sans.org/diary.html?n&storyid=6397 (Third Party Advisory)
- http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf (Broken Link)
- http://www.us-cert.gov/cas/techalerts/TA09-160A.html (Third Party Advisory; US Government Resource)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029 (Third Party Advisory)
- http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html (Broken Link)
- http://www.attrition.org/pipermail/vim/2009-June/002192.html (Third Party Advisory)
- http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html (Third Party Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020 (Patch; Vendor Advisory)
- http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html (Broken Link)