CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 1CVE-2009-1122 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1122
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. La extension WebDAV en Microsoft Internet Information Services (IIS) v5.0 on Windows 2000 SP4 no decodifica adecuadamente las URLs, lo que permite a atacantes remotos evitar la autenticación, y posiblemente leer o crear ficheros, a través de una petición HTTP manipulada, también conocido como "Vulnerabilidad para evitar la autenticación de WebDAV en IIS v5.0" • https://www.exploit-db.com/exploits/8806 http://www.attrition.org/pipermail/vim/2009-June/002192.html http://www.securityfocus.com/bid/35232 http://www.securitytracker.com/id?1022358 http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://www.vupen.com/english/advisories/2009/1539 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 94%CPEs: 8EXPL: 2CVE-2009-1535 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. La extensión de WebDAV en Microsoft Internet Information Services (IIS) v5.1 y v6.0 permite a atacantes remotos eludir los mecanismos de protección basados en URL, y listar carpetas o leer, crear o modificar archivos, a través de un %c0%af (Unicode / carácter) en una posición arbitraria en la URL, como se ha demostrado mediante la inserción de %c0%af en la ruta inicial de componente "/protected/" para evitar la protección por contraseña en la carpeta protected\ , alias "IIS v5.1 y v6.0 Vulnerabilidad de evasión de autenticación WebDAV". • https://www.exploit-db.com/exploits/8704 https://www.exploit-db.com/exploits/8806 http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html http://isc.sans.org/diary.html?n • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 20%CPEs: 7EXPL: 0CVE-2009-1216
https://notcve.org/view.php?id=CVE-2009-1216
Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en (1) unlzh.c y (2) unpack.c en las librerías gzip en Microsoft Windows Server 2008, Windows Services para UNIX 3.0 y 3.5, y el subsistema para UNIX-based Applications (SUA); como lo utilizado en gunzip, gzip, pack, pcat, y unpack 7.x versiones anteriores a 7.0.1701.48, 8.x versiones anteriores a 8.0.1969.62, y 9.x versiones anteriores a 9.0.3790.2076; permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/34428 http://securitytracker.com/id?1021937 http://support.microsoft.com/kb/953602 http://www.securityfocus.com/bid/34258 http://www.vupen.com/english/advisories/2009/0849 https://exchange.xforce.ibmcloud.com/vulnerabilities/49435 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0419
https://notcve.org/view.php?id=CVE-2009-0419
Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033. Microsoft XML Core Services, como el utilizado en Microsoft Expression Web, Office, Internet Explorer 6 y 7 y otros productos; no restringe adecuadamente el acceso de las páginas Web a las cabeceras de respuesta HTTP Set-Cookie2; esto permite a atacantes remotos obtener información sensible de las cookies a través de llamadas XMLHttpRequest. Relacionado con el mecanismo de protección HTTPOnly. NOTA: este problema existe debido a una modificación inicial incompleta de CVE-2008-4033. • https://bugzilla.mozilla.org/show_bug.cgi?id=380418 https://exchange.xforce.ibmcloud.com/vulnerabilities/48815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 3CVE-2003-1567
https://notcve.org/view.php?id=CVE-2003-1567
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. El método no documentado TRACK en Microsoft Internet Information Services (IIS) v5.0 devuelve el contenido de la petición original en el cuerpo de la respuesta, lo que facilita a atacantes remotos el robo de cookies y credenciales de autenticación, o evitar el mecanismo de protección HttpOnly, usando TRAK para leer los contenidos de las cabeceras HTTP que se devuelven en la respuesta. Una técnica similar al rastreo de sitios cruzados (XST) usando HTTP TRACE. • http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://www.kb.cert.org/vuls/id/288308 http://www.osvdb.org/5648 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •