CVE Vulnerabilities

CVE-2009-1122

Improper Authentication

Published: Jun 10, 2009 | Modified: Nov 23, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka IIS 5.0 WebDAV Authentication Bypass Vulnerability, a different vulnerability than CVE-2009-1535.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Internet_information_services Microsoft 5.0 5.0

Potential Mitigations

References