Intruders can disrupt the normal operation of an IIS 5.0 server using a malicious Web Distributed Authoring and Versioning (WebDAV) request.
[WebDAV is] an extension to the HTTP/1.1 protocol that allows clients to perform remote web content authoring operations. This extension provides a coherent set of methods, headers, request entity body formats, and response entity body formats that provide operations for: Properties [...], Collections [... and], Namespace Operations.
An intruder can cause the IIS 5.0 service to fail. It will restart by default.
Apply a patch as described in MS01-044. This is a cumulative patch that addresses a number of security problems discovered prior to August 15, 2001.
This document was written by Shawn Hernan, based upon information in Microsoft Security Bulletin MS01-044
|Date First Published:||2001-09-18|
|Date Last Updated:||2001-09-18 21:07 UTC|