What is CVE-2009-1535?

CVE-2009-1535 is a vulnerability in N/a. Published 2009-06-10.

Is CVE-2009-1535 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-1535

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at a…

EPSS: 0.918 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

oval:org.mitre.oval:def:6029 (x_refsource_OVAL, signature, vdb-entry)
MS09-020 (x_refsource_MS, vendor-advisory)
view.samurajdata.se/psview.php (x_refsource_MISC)
isc.sans.org/diary.html (x_refsource_MISC)
20090515 IIS6 + webdav and unicode rides again in 2009 (mailing-list, x_refsource_FULLDISC)
20090515 Re: IIS6 + webdav and unicode rides again in 2009 (mailing-list, x_refsource_FULLDISC)
blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html (x_refsource_MISC)
TA09-160A (x_refsource_CERT, third-party-advisory)
archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf (x_refsource_MISC)
20090515 Re: IIS6 + webdav and unicode rides again in 2009 (mailing-list, x_refsource_FULLDISC)

Frequently asked questions

What is CVE-2009-1535?: CVE-2009-1535 is a vulnerability in N/a. Published 2009-06-10.
Is CVE-2009-1535 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.