var-200905-0134
Vulnerability from variot
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1535. Reason: This candidate is a duplicate of CVE-2009-1535. Notes: All CVE users should reference CVE-2009-1535 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders. An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks. This issue affects IIS 5.0, 5.1, and 6.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200905-0134",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "2.0"
},
{
"model": "messaging application server mm",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "1.1"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "iis",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
}
],
"sources": [
{
"db": "BID",
"id": "34993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kingcope kingcope@gmx.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
}
],
"trust": 0.6
},
"cve": "CVE-2009-1676",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [],
"severity": [
{
"author": "CNNVD",
"id": "CNNVD-200905-237",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1535. Reason: This candidate is a duplicate of CVE-2009-1535. Notes: All CVE users should reference CVE-2009-1535 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Microsoft Internet Information Service (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders. \nAn attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks. \nThis issue affects IIS 5.0, 5.1, and 6.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1676"
},
{
"db": "BID",
"id": "34993"
},
{
"db": "VULMON",
"id": "CVE-2009-1676"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=8704",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1676"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1676",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200905-237",
"trust": 0.6
},
{
"db": "BID",
"id": "34993",
"trust": 0.4
},
{
"db": "CERT/CC",
"id": "VU#787932",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "8704",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-1676",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1676"
},
{
"db": "BID",
"id": "34993"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
},
{
"db": "NVD",
"id": "CVE-2009-1676"
}
]
},
"id": "VAR-200905-0134",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T12:22:58.961000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "",
"trust": 0.1,
"url": "https://github.com/l4ncelotcoder/Webdav "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1676"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://blogs.technet.com/srd/archive/2009/05/20/answers-to-the-iis-webdav-authentication-bypass-questions.aspx"
},
{
"trust": 0.3,
"url": "http://blog.zoller.lu/2009/05/iis-6-webdav-unicode-bug-that-wont-die.html"
},
{
"trust": 0.3,
"url": "http://milw0rm.com/sploits/2009-iis-advisory.pdf"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
},
{
"trust": 0.3,
"url": "http://blogs.technet.com/srd/archive/2009/05/18/more-information-about-the-iis-authentication-bypass.aspx"
},
{
"trust": 0.3,
"url": "http://technet.microsoft.com/en-us/security/cc242650.aspx"
},
{
"trust": 0.3,
"url": "http://www.skullsecurity.org/blog/?p=285"
},
{
"trust": 0.3,
"url": "/archive/1/503857"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2009-215.htm"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/advisory/971492.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/787932"
},
{
"trust": 0.1,
"url": "https://github.com/l4ncelotcoder/webdav"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/34993"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/8704/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2009-1676"
},
{
"db": "BID",
"id": "34993"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2009-1676"
},
{
"db": "BID",
"id": "34993"
},
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
},
{
"db": "NVD",
"id": "CVE-2009-1676"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-05-18T00:00:00",
"db": "VULMON",
"id": "CVE-2009-1676"
},
{
"date": "2009-05-15T00:00:00",
"db": "BID",
"id": "34993"
},
{
"date": "2009-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-237"
},
{
"date": "2009-05-18T18:30:01.127000",
"db": "NVD",
"id": "CVE-2009-1676"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2009-1676"
},
{
"date": "2009-06-18T16:49:00",
"db": "BID",
"id": "34993"
},
{
"date": "2009-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200905-237"
},
{
"date": "2023-11-07T02:03:58.533000",
"db": "NVD",
"id": "CVE-2009-1676"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft IIS WebDAV Unicode Request to bypass authentication vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200905-237"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…