MS09-020: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
High Nessus Plugin ID 39342
SynopsisIt is possible to bypass authentication on the remote web server.
DescriptionDue to a flaw in the WebDAV extension for IIS, an anonymous, remote attacker may be able to bypass authentication by sending a specially crafted HTTP request and gain access to a protected location.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.