Vulnerability Note VU#959211
Microsoft IIS vulnerable to DoS via invalid request for very long WebDAV requests
Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request.
[WebDAV is] an extension to the HTTP/1.1 protocol that allows clients to perform remote web content authoring operations. This extension provides a coherent set of methods, headers, request entity body formats, and response entity body formats that provide operations for: Properties [...], Collections [... and], Namespace Operations.
A vulnerability in the Microsoft implementation of WebDAV can be used to disrupt IIS 5.0. Quoting from MS01-044,
An intruder can cause the IIS 5.0 service to fail. It will restart by default.
Apply a patch as described in MS01-044. This is a cumulative patch that addresses a number of security problems discovered prior to August 15, 2001.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft||Affected||-||18 Sep 2001|
CVSS Metrics (Learn More)
This document was written by Shawn Hernan, based upon information in Microsoft Security Bulletin MS01-044.
- CVE IDs: CAN-2001-0508
- Date Public: 15 Aug 2001
- Date First Published: 18 Sep 2001
- Date Last Updated: 18 Sep 2001
- Severity Metric: 12.60
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.