[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-21745":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":51,"name":52,"published":53,"updated":34},21745,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":34,"risk_description":35,"public_description":36,"public_recommendation":37,"recommendation":34,"references":38,"cvssv3":34,"epss_score":46,"epss_percentile":47,"cve":48,"in_cisa_catalog":50,"date":34,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"Due to the wrong implementation of UNICODE characters support (WebDAV extension) for Microsoft IIS Server which fails to decode the requested URL properly. Unicode character checks are being done after IIS Server internal security check, which lets the attacker execute any crafted UNICODE character in the HTTP requests to get information on any password protected directories without any authentication schema. Successful exploitation will let the attacker craft malicious UNICODE characters and send it over the context of IIS Webserver where WebDAV is enabled. As a result due to lack of security implementation check it will let the user fetch password protected directories without any valid authentications.","Microsoft IIS Webserver with WebDAV Module is prone to remote authentication bypass vulnerability.","The vendor has released updates. Please see the references for more information. Workaround: Disable WebDAV or upgrade to Microsoft IIS 7.0.",[39,40,41,42,43,44,45],"http://view.samurajdata.se/psview.php?id=023287d6&page=2","http://www.securityfocus.com/bid/34993","http://www.microsoft.com/technet/security/advisory/971492","http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html","http://downloads.securityfocus.com/vulnerabilities/exploits/34993.rb","http://downloads.securityfocus.com/vulnerabilities/exploits/34993.txt","https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-020",0.91826,0.99687,[49],"CVE-2009-1535",false,"NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.900711","Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability","2018-01-02T00:00:00Z"]