(MS09-020) Microsoft IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (970483)
- Type: Format String
- Impact of exploitation: Security Bypass
- User Interaction: user interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2009-1535, CVE-2009-1676
- Vendor Status: Responded and patched
- Vulnerable systems: Internet Information Services 6.0, Internet Information Services 5.1, Internet Information Services 5.0
- Summary: A vulnerability in Microsoft Internet Information Services may allow for Security Bypass, and potentially other, attacks.
Description
A vulnerability in Microsoft Internet Information Services may allow for Security Bypass, and potentially other, attacks. The flaw is specific to the WebDAV component of IIS (6.0). Multiple authentication-bypass vulnerabilities exist because access restrictions on requests to certain WebDAV folders are improperly enforced. Exploitation can be achieved by sending the server specially crafted URI requests that contain certain Unicode characters.
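As an added detection example (not part of the McAfee record or of any Microsoft tooling), the following Python scans a constructed IIS W3C extended log excerpt for requests whose percent-encoded path does not decode as well-formed UTF-8, the class of URI anomaly the description refers to, and tags requests that use WebDAV methods. The column names follow the W3C extended log format; the log lines, addresses and paths are constructed sample data.

```python
from urllib.parse import unquote_to_bytes

# Constructed IIS W3C extended log excerpt (sample data, not from the advisory).
# One PROPFIND is correctly refused (401); two others carry percent-encoded byte
# sequences that are not valid UTF-8 (overlong forms of an ASCII byte, which
# RFC 3629 requires decoders to reject) yet were answered with 207 Multi-Status.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query s-port cs-username sc-status
2009-05-20 10:01:02 192.0.2.10 GET /public/index.htm - 80 - 200
2009-05-20 10:01:05 192.0.2.10 PROPFIND /protected/ - 80 - 401
2009-05-20 10:01:09 192.0.2.10 PROPFIND /%c0%afprotected/ - 80 - 207
2009-05-20 10:01:15 192.0.2.10 PROPFIND /%e0%80%afprotected/ - 80 - 207
2009-05-20 10:02:11 192.0.2.11 GET /caf%c3%a9/menu.htm - 80 - 200
"""

WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def has_malformed_utf8(uri_stem: str) -> bool:
    """True if the percent-decoded path is not well-formed UTF-8.

    Python's strict decoder rejects overlong sequences (C0/C1 lead bytes, E0
    followed by 80..9F, and so on), so a failure means the path has no single
    canonical form and an access-control decision made on it is unreliable.
    """
    try:
        unquote_to_bytes(uri_stem).decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False


def parse_w3c(log_text: str) -> list[dict[str, str]]:
    """Parse IIS W3C extended log text, taking column names from #Fields."""
    fields: list[str] = []
    rows: list[dict[str, str]] = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows


def suspicious_requests(log_text: str) -> list[dict[str, str]]:
    """Rows whose path is not valid UTF-8; 'webdav' marks WebDAV methods (the
    IIS component the advisory names). A 2xx status on such a row is the alarm."""
    hits = []
    for row in parse_w3c(log_text):
        if has_malformed_utf8(row.get("cs-uri-stem", "")):
            row["webdav"] = str(row.get("cs-method", "").upper() in WEBDAV_METHODS)
            hits.append(row)
    return hits
```

Legitimate non-ASCII paths (the `caf%c3%a9` line) decode cleanly and are not flagged, so the check keys on malformed encoding rather than on non-ASCII content.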
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx
McAfee Product Mitigation
McAfee Foundstone
The FSL package of May 20 includes a vulnerability check to assess if your systems are at risk.
- Signature: Microsoft Internet Information Services WebDAV Security Bypass Vulnerability
- Signature identifier: 6679
- Release date: 5/21/2009
McAfee Foundstone
- Signature: (MS09-020) Microsoft IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (970483)
- Signature identifier: 6753
- Release date: 6/9/2009
McAfee Intrushield
- Signature: HTTP: Microsoft Internet Information Services WebDAV Security Bypass Vulnerability
- Signature identifier: 0x4025FC00
- Release date: 5/18/2009
- First released in: UDS and 4.1.51, 5.1.21
McAfee Host IPS
- Signature: Vulnerabilities in Internet Information Services 5.1 and 6.0 Could Allow Authentication Bypass
- Signature identifier: 2220
- Release date: 6/9/2009
- First released in: Build 2616
McAfee Anti-Virus protection
Exploits using known attack vectors are detected as Exploit-CVE2009-1535 when scanning with heuristics enabled, using the following products: SIG, SWG.
- Signature: Exploit-CVE2009-1535
- Release date: 5/29/2009
- First released in: 5631
The Remedy V-Flash of June 10 contains remedies.
Additional Resources
IIS 6 + Webdav auth bypass and data upload
http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass
http://seclists.org/fulldisclosure/2009/May/att-0134/IIS_Advisory_pdf
Microsoft Security Advisory (971492) Vulnerability in Internet Information Services Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/971492.mspx
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx
Timeline
- 6/9/2009: Vendor has provided a patch.
- 5/26/2009: A proof of concept has been released.
- 5/22/2009: A proof of concept has been released.
- 5/20/2009: A proof of concept has been released.
- 5/18/2009: Vendor has provided information on the vulnerability.
- 5/16/2009: Vulnerability information has been publicly disclosed.
- 5/12/2009: Vulnerability information has been publicly disclosed.
- 5/12/2009: A proof of concept has been released.