 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.900567 |
| Kategorie: | Windows : Microsoft Bulletins |
| Titel: | Microsoft IIS Security Bypass Vulnerability (970483) |
| Zusammenfassung: | This host is missing a critical security update according to; Microsoft Bulletin MS09-020. |
| Beschreibung: | Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-020. Vulnerability Insight: The flaw is due to: - WebDAV extension does not properly decode requested URLs, which could cause an incorrect configuration to be applied. - WebDav fails to verify credentials before accessing password-protected resources when handling HTTP GET or PROPFIND requests containing a Unicode encoded character with a 'Translate: f' header. Vulnerability Impact: Remote attackers could exploit this issue to bypass authentication and gain unauthorized read and upload access to protected folders. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2k3 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1122 BugTraq ID: 35232 http://www.securityfocus.com/bid/35232 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html Microsoft Security Bulletin: MS09-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5861 http://www.securitytracker.com/id?1022358 http://www.attrition.org/pipermail/vim/2009-June/002192.html http://www.vupen.com/english/advisories/2009/1539 Common Vulnerability Exposure (CVE) ID: CVE-2009-1535 http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0135.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0139.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0144.html http://archives.neohapsis.com/archives/fulldisclosure/2009-05/att-0135/IIS_Advisory.pdf http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html http://isc.sans.org/diary.html?n&storyid=6397 http://view.samurajdata.se/psview.php?id=023287d6&page=1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6029 |
| Copyright | Copyright (C) 2009 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |