Internet Information Services Improper Authentication Vulnerability - CVE-2009-1535

The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms and list folders or read create or modify files via a c0af (Unicode / character) at an arbitrary position in the URI as demonstrated by inserting c0af into a quot/protected/quot initial pathname component to bypass the password protection on the protected folder aka quotIIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerabilityquot a different vulnerability than CVE-2009-1122.