Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders.
An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks.
Microsoft IIS 6.0 is vulnerable; other versions may also be affected.
REFERENCIA DE LA VULNERABILIDAD
The following proof-of-concept and exploit code are available:
fuente: securityfocus.com
Mayo 19, 2009 a las 9:21 am |
[...] nota hace referencia a la vulnerabilidad descubierta el dia 15 de mayo Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass la cual ya tiene su [...]
Mayo 20, 2009 a las 4:26 pm |
[...] gratuitas para proteger a los usuarios del exploit de IIS Hace un par de dias anunciabamos la nueva vulnerabilidad que afecta al IIS de Microsoft, posteriormente, ayer, comunicabamos la nota de seguridad que sacaba [...]