|
Family: Denial of Service --> Category: mixed
IIS 5.0 PROPFIND Vulnerability Vulnerability Scan
Vulnerability Scan Summary Attempts to crash the Microsoft IIS server
Detailed Explanation for this Vulnerability Test
It was possible to disable the remote IIS server
by making a variation of a specially formed PROPFIND request.
A possible hacker, exploiting this vulnerability, would be able
to render the web service useless. If the server is 'business
critical', the impact could be high.
Solution : disable the WebDAV extensions, as well as the PROPFIND command
See
http://support.microsoft.com/support/kb/articles/Q241/5/20.ASP
See also:
http://www.microsoft.com/technet/security/bulletin/MS01-016.mspx
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|