CVE-2009-1122

CVE Database · CVE-2009-1122

CVE-2009-1122

· N/AModified

CVSS v3.1

N/A

EPSS

98.45%

Published

Jun 10, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

Weaknesses (CWE)

CWE-287

Affected Products (2)

microsoft · internet_information_servicesvulnerable

microsoft · windows_2000

References (14)

http://www.attrition.org/pipermail/vim/2009-June/002192.html

Third Party Advisory

http://www.securityfocus.com/bid/35232

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022358

Third Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/1539

Third Party Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020

KEV Catalog EPSS Scores Vendors All CVEs