| VID | 12005 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The IIS 5.0 web server is vulnerable to a denial of service via malformed WebDAV requests.
WebDAV (Web Distributed Authoring and Versioning) is an extension to the HTTP protocol that allows remote authoring and management of web content. In the Windows 2000 implementation of the protocol, IIS 5.0 performs initial processing of all WebDAV requests and then forwards the appropriate commands to the WebDAV process. A flaw exists because WebDAV incorrectly processes specially malformed requests. If a remote attacker sends a stream of such requests to an affected server using the PROPFIND method, each carrying an XML body like the following (where the name of the u: element is a run of 128008 'A' characters):
<?xml version="1.0"?> <a:propfind xmlns:a="DAV:" xmlns:u="over:"><a:prop><a:displayname /> <u:AAA ...A*128008..AAAA/></a:prop> </a:propfind>
the IIS server can be made to consume all available CPU resources and web services are disrupted. The server is disabled only temporarily: normal service resumes automatically as soon as the malformed requests stop arriving. This vulnerability does not provide any capability to compromise data on the server or to gain administrative control over it.
* References: http://www.iss.net/security_center/static/6205.php http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-016.asp |
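The following Python script is an added example and is not part of this advisory or of any Microsoft or ISS code. It builds a raw HTTP PROPFIND request with the body shape described above (a u: element whose name is 128008 'A' characters) and shows how a proxy or IDS could flag such a request by measuring XML element names in PROPFIND bodies instead of parsing the document. The 256-character threshold, the placeholder host iis.example and the benign sample body are assumptions made for the example; nothing is sent over the network.

```python
"""Added example (not from the advisory): reproduce the shape of the MS01-016
PROPFIND request and flag it in a raw HTTP request.

The 256-byte threshold, the host name and the benign body are assumptions.
"""
import re

# Element-name length used in the advisory's sample request (128008 'A's).
ADVISORY_NAME_LENGTH = 128008

# Assumed detection threshold: legitimate DAV property names are short,
# so anything longer than this inside a PROPFIND body is treated as hostile.
MAX_ELEMENT_NAME = 256

# Constructed benign request body: an ordinary PROPFIND for displayname.
BENIGN_BODY = (
    '<?xml version="1.0"?>'
    '<a:propfind xmlns:a="DAV:"><a:prop><a:displayname/></a:prop></a:propfind>'
)


def build_propfind_body(name_length=ADVISORY_NAME_LENGTH):
    """Return the XML body from the advisory with a u: element name of name_length 'A's."""
    long_name = "A" * name_length
    return (
        '<?xml version="1.0"?>'
        '<a:propfind xmlns:a="DAV:" xmlns:u="over:">'
        '<a:prop><a:displayname /><u:' + long_name + '/></a:prop>'
        '</a:propfind>'
    )


def build_propfind_request(host, path="/", body=None):
    """Assemble a complete raw HTTP/1.1 PROPFIND request (headers plus body) as bytes."""
    if body is None:
        body = build_propfind_body()
    payload = body.encode("utf-8")
    head = (
        f"PROPFIND {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: text/xml\r\n"
        f"Content-Length: {len(payload)}\r\n"
        "\r\n"
    )
    return head.encode("ascii") + payload


# Name of each XML start or end tag; '<?xml' is skipped because '?' cannot start a name.
_TAG_NAME = re.compile(rb"<\s*/?\s*([A-Za-z_:][-A-Za-z0-9_.:]*)")


def inspect_request(raw, max_name=MAX_ELEMENT_NAME):
    """Classify one raw HTTP request.

    Returns a dict with the request method, the longest XML element name found
    in the body, and 'suspicious', which is True only for a PROPFIND whose body
    holds an element name longer than max_name (the MS01-016 pattern). The body
    is scanned with a regex rather than handed to an XML parser, so the check
    itself stays cheap even on a 128 KB element name.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method = request_line.split(b" ", 1)[0].decode("ascii", "replace")
    longest = max((len(m.group(1)) for m in _TAG_NAME.finditer(body)), default=0)
    return {
        "method": method,
        "longest_element_name": longest,
        "suspicious": method == "PROPFIND" and longest > max_name,
    }


if __name__ == "__main__":
    # "iis.example" is an assumed placeholder host; the requests are only inspected locally.
    hostile = build_propfind_request("iis.example")
    benign = build_propfind_request("iis.example", body=BENIGN_BODY)
    for label, request in (("hostile", hostile), ("benign", benign)):
        print(label, inspect_request(request))
```

The check keys on the request method plus element-name length rather than on the exact 128008-character string, since an attacker can vary the length freely; a patched or WebDAV-disabled server (see Recommendation) needs no such filter, but the same rule is useful for spotting the "stream of requests" in proxy or IDS logs.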
| Recommendation |
Apply the patch for this vulnerability:
1. Open this web page: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=28564
2. Select your language from the drop-down list at the top of the page and click <Go>.
3. Click <Security Update>.
4. Download the file to your computer and run it.
5. Restart your computer to complete the installation.
-- OR --
Install Windows 2000 Service Pack 2, which includes this fix.
-- OR --
Disable WebDAV by making the following change in the registry (this also removes legitimate WebDAV authoring, so the patch is preferred where WebDAV is needed):
1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
3. On the Edit menu, click Add Value, and then add the following registry value: Value name: DisableWebDAV; Data type: DWORD; Value data: 1
4. Restart the World Wide Web Publishing Service (W3SVC) so that the new value takes effect. |
| Related URL | CVE-2001-0151 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |