Detections
Analytics

Microsoft IIS WebDAV Unicode Request Directory Security Bypass

high Nessus Plugin ID 38808

Language:

Synopsis

It is possible to access protected resources through WebDAV.

Description

IIS 6.0 does not properly sanitize WebDAV requests. It is possible to access protected resources by inserting a Unicode / (%c0%af) in the URL.

Depending on the remote server configuration, protected resources may be browsed, read and/or modified.

Solution

Disable WebDAV or update the server.

See Also

http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html

http://www.nessus.org/u?36818b28

http://www.nessus.org/u?5fefdfc0

https://isc.sans.edu/diary/IIS6.0+WebDav+Remote+Auth+Bypass/6397

https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2009/971492

http://unixwiz.net/techtips/ms971492-webdav-vuln.html

https://forums.iis.net/t/1149348.aspx

Plugin Details

Severity: High

ID: 38808

File Name: webdav_iis6_flaw.nasl

Version: 1.21

Type: remote

Family: Web Servers

Published: 5/18/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2009-1535

BID: 34993

CWE: 287

AUSCERT: AL-2009.0041

CERT-FI: 038/2009

CERTA: CERTA-2009-ALE-007