
WebDAV Internet Information Services Vulnerabilities

(MS09-027, CVE-2009-1535)
A vulnerability has been disclosed in the WebDAV extension of Microsoft Internet Information Services (IIS). A hacker could use this vulnerability to gain access to a location that typically requires authentication.

WebDAV (Web-based Distributed Authoring and Versioning) allows users to edit and manage files collaboratively on remote Web servers through a set of extensions to the Hypertext Transfer Protocol (HTTP). The vulnerability arises because WebDAV removes Unicode characters after the security check, so the path that was checked is not the path that is finally used. A hacker can use a maliciously crafted HTTP request to gain access to resources that are normally protected.
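The ordering flaw described above, as an added example that is not Check Point's or Microsoft's code: a request handler that checks the path before normalizing it, beside one that normalizes first. It assumes a simplified model in which "removing Unicode characters" means dropping every non-ASCII character; the function names, the `/protected/` prefix and the sample paths are constructed for illustration.

```python
# Simplified model (assumption): "removing Unicode characters" is modelled as
# dropping every non-ASCII character from the path. Not IIS or WebDAV code.
PROTECTED_PREFIXES = ("/protected/",)  # constructed sample policy


def strip_non_ascii(path: str) -> str:
    """Normalization step: drop characters outside the ASCII range."""
    return "".join(ch for ch in path if ord(ch) < 128)


def requires_auth(path: str) -> bool:
    """Security check: does the path fall under a protected prefix?"""
    return path.lower().startswith(PROTECTED_PREFIXES)


def serve_check_then_normalize(path: str, authenticated: bool) -> tuple[int, str]:
    """Flawed order: the check sees the raw path, the lookup sees the stripped one."""
    if requires_auth(path) and not authenticated:
        return 401, path
    return 200, strip_non_ascii(path)


def serve_normalize_then_check(path: str, authenticated: bool) -> tuple[int, str]:
    """Corrected order: normalize once, then check and serve the same string."""
    resolved = strip_non_ascii(path)
    if resolved != path:
        # A path that changes under normalization is ambiguous; refuse it.
        return 400, resolved
    if requires_auth(resolved) and not authenticated:
        return 401, resolved
    return 200, resolved


# Constructed sample requests: a plain protected path, the same path with one
# non-ASCII character inserted, and a public path.
SAMPLES = ["/protected/report.txt", "/pro\u2603tected/report.txt", "/public/index.html"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(repr(p),
              serve_check_then_normalize(p, authenticated=False),
              serve_normalize_then_check(p, authenticated=False))
```

Each function returns the HTTP status and the path that would be looked up, so the two orderings can be compared on the same unauthenticated request.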

Check Point’s security experts have verified that code execution is possible in certain configurations.

Check Point’s VPN-1, VSX, and IPS solutions have included protections against attacks that use these vulnerabilities since May 19th, well before the Microsoft patch (MS09-027) was available. For more information about these protections, see CPAI-2009-130.

Check Point also provides additional protections for another, related IIS vulnerability included in this Microsoft Bulletin. See CPAI-2009-138.