Microsoft Internet Information Services (IIS) WebDAV Authentication Bypass Vulnerabilities ( 10 June 2009 )
RISK: Medium Risk
1. IIS 5.0 WebDAV Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require authentication.
2. IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.
Impact
- Elevation of Privilege
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Services 5.1
- Microsoft Internet Information Services 6.0
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Windows 2000 Service Pack 4
- Microsoft Internet Information Services 5.0 - Windows XP Professional Service Pack 2 and Windows XP Professional Service Pack 3
- Microsoft Internet Information Services 5.1 - Windows XP Professional x64 Edition Service Pack 2
- Microsoft Internet Information Services 6.0 - Windows Server 2003 Service Pack 2
- Microsoft Internet Information Services 6.0 - Windows Server 2003 x64 Edition Service Pack 2
- Microsoft Internet Information Services 6.0 - Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Internet Information Services 6.0
Vulnerability Identifier
Source
Related Link
Share with