Lucene search

K

[email protected]NVD:CVE-2009-1122

HistoryJun 10, 2009 - 6:30 p.m.

CVE-2009-1122

2009-06-1018:30:00

CWE-287

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.953 High

EPSS

Percentile

99.4%

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka “IIS 5.0 WebDAV Authentication Bypass Vulnerability,” a different vulnerability than CVE-2009-1535.

Affected configurations

NVD

Node

microsoftinternet_information_servicesMatch5.0

AND

microsoftwindows_2000Match-sp4

References

www.attrition.org/pipermail/vim/2009-June/002192.html

www.securityfocus.com/bid/35232

www.securitytracker.com/id?1022358

www.us-cert.gov/cas/techalerts/TA09-160A.html

www.vupen.com/english/advisories/2009/1539

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.953 High

EPSS

Percentile

99.4%

Related for NVD:CVE-2009-1122

prion2 cvelist2 securityvulns2 nvd2 openvas6 cve3 nessus2 cert1 checkpoint_advisories2 seebug1