IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability

  Severity: HIGH
  CVE Identifier: CVE-2009-1535,MS09-020
  Advisory Date: JUL 21, 2015

  DESCRIPTION

The WebDAV extension in Microsoft Internet Information Services (IIS) allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003508
  Trend Micro Deep Security DPI Rule Name: 1003508 - Microsoft IIS Unicode Requests To WebDAV Authentication Bypass Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • microsoft iis 5.0
  • microsoft iis 5.1
  • microsoft iis 6.0

Featured Stories