Microsoft IIS 5.1 directory authentication bypass

Description

An elevation of privilege vulnerability exists in IIS version 5.1. By adding :$i30:$INDEX_ALLOCATION to the directory name it's possible to bypass the directory authentication. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.

Remediation

Upgrade to IIS 6 or IIS 7. These versions are not affected by this vulnerability. In these versions, IIS does not accept colon (:) character in the URL.

References