CVE-2009-1535 – Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-1535
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122. La extensión de WebDAV en Microsoft Internet Information Services (IIS) v5.1 y v6.0 permite a atacantes remotos eludir los mecanismos de protección basados en URL, y listar carpetas o leer, crear o modificar archivos, a través de un %c0%af (Unicode / carácter) en una posición arbitraria en la URL, como se ha demostrado mediante la inserción de %c0%af en la ruta inicial de componente "/protected/" para evitar la protección por contraseña en la carpeta protected\ , alias "IIS v5.1 y v6.0 Vulnerabilidad de evasión de autenticación WebDAV". • https://www.exploit-db.com/exploits/8704 https://www.exploit-db.com/exploits/8806 http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html http://isc.sans.org/diary.html?n • CWE-287: Improper Authentication •
CVE-2003-1567
https://notcve.org/view.php?id=CVE-2003-1567
The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. El método no documentado TRACK en Microsoft Internet Information Services (IIS) v5.0 devuelve el contenido de la petición original en el cuerpo de la respuesta, lo que facilita a atacantes remotos el robo de cookies y credenciales de autenticación, o evitar el mecanismo de protección HttpOnly, usando TRAK para leer los contenidos de las cabeceras HTTP que se devuelven en la respuesta. Una técnica similar al rastreo de sitios cruzados (XST) usando HTTP TRACE. • http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://www.kb.cert.org/vuls/id/288308 http://www.osvdb.org/5648 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2003-1566 – Microsoft IIS 5.0 - Failure To Log Undocumented TRACK Requests
https://notcve.org/view.php?id=CVE-2003-1566
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. Microsoft Internet Information Services (IIS) v5.0 no registra las peticiones que usan el método TRACK, lo que permite a atacantes remotos obtener información sensible sin ser detectados. • https://www.exploit-db.com/exploits/23490 http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.aqtronix.com/Advisories/AQ-2003-02.txt http://www.osvdb.org/4864 http://www.securityfocus.com/bid/9313 https://exchange.xforce.ibmcloud.com/vulnerabilities/14077 • CWE-16: Configuration •
CVE-2008-1446
https://notcve.org/view.php?id=CVE-2008-1446
Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." Desbordamiento de entero en la extensión Internet Printing Protocol (IPP) ISAPI en Microsoft Internet Information Services (IIS) v5.0 hasta v7.0 en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP1 y SP2, y Server 2008, permite a atacantes remotos autenticados ejecutar código arbitrario a través de un petición HTTP POST que dispara un conexión IPP de salida desde un servidor Web a la máquina manejada por el atacante, también conocida como "Vulnerabilidad de servicio por Desbordamiento de entero en IPP". • http://marc.info/?l=bugtraq&m=122479227205998&w=2 http://secunia.com/advisories/32248 http://www.kb.cert.org/vuls/id/793233 http://www.securityfocus.com/bid/31682 http://www.securitytracker.com/id?1021048 http://www.us-cert.gov/cas/techalerts/TA08-288A.html http://www.vupen.com/english/advisories/2008/2813 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062 https://exchange.xforce.ibmcloud.com/vulnerabilities/45545 https://exchange.xforce.ibmc • CWE-190: Integer Overflow or Wraparound •
CVE-2008-4300
https://notcve.org/view.php?id=CVE-2008-4300
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. Un determinado control ActiveX en la biblioteca adsiis.dll en Internet Information Services (IIS) Microsoft, permite a los atacantes remotos causar una denegación de servicio (bloqueo del navegador) por medio de una cadena larga en el segundo argumento al método GetObject. NOTA: este problema fue revelado por un investigador poco confiable, por lo que podría ser incorrecto. • http://securityreason.com/securityalert/4325 http://www.securityfocus.com/archive/1/496696/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/45584 •