Microsoft IIS WebDAV Denial of Service Vulnerability
BID:2453
Info
Microsoft IIS WebDAV Denial of Service Vulnerability
| Bugtraq ID: | 2453 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2001 12:00AM |
| Updated: | Mar 08 2001 12:00AM |
| Credit: | Posted in a Microsoft Security Bulletin (MS01-016) on March 8, 2001. |
| Vulnerable: |
Microsoft IIS 5.0 |
| Not Vulnerable: | |
Discussion
Microsoft IIS WebDAV Denial of Service Vulnerability
Microsoft IIS is subject to a denial of service condition. WebDAV contains a flaw in the handling of certain malformed requests, submitting multiple malformed WebDAV requests could cause the server to stop responding. This vulnerability is also known to restart all IIS services.
Microsoft IIS is subject to a denial of service condition. WebDAV contains a flaw in the handling of certain malformed requests, submitting multiple malformed WebDAV requests could cause the server to stop responding. This vulnerability is also known to restart all IIS services.
Exploit / POC
Microsoft IIS WebDAV Denial of Service Vulnerability
The following exploit has been provided by Georgi Guninski <[email protected]>:
The following exploit has been provided by Georgi Guninski <[email protected]>:
References
Microsoft IIS WebDAV Denial of Service Vulnerability
References:
References:
- How to Disable WebDAV for IIS 5.0 (Microsoft)
- Microsoft Security Bulletin (MS01-016) (Microsoft)
- Microsoft Security Bulletin MS02-026 (Microsoft)