Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« Microsoft bans Memcpy() in their SDL program | Main | Java Flaw still not fixed in Mac OS X »

IIS6.0 WebDav Unicode Remote Auth Bypass

Update: Microsoft has posted some additional information in multiple entries.

A new unicode bug in IIS has been discovered which allows an attacker access to resources behind password protected sites. This issue only seems to affect IIS 6 (5 and 7 seem immune) and no fix has been issued at this time.

Advisory: http://seclists.org/fulldisclosure/2009/May/att-0134/IIS_Advisory_pdf
Overview: http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html


Posted by Robert A. on 05/18/2009 in IndustryNews , Vulns | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!



yeah the bug has been already posted in many websites including milwr0m

Posted by: seag0d | May 19, 2009 1:01:59 AM

Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals