| VID | 22179 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The Microsoft IIS WebDAV service is running on the system. Web Distributed Authoring and Versioning (WebDAV) is an extension to the HTTP 1.1 protocol designed to add distributed authoring and version control to Web content (RFC 2518). Because some versions of WebDAV have serious vulnerabilities, this service should be used with care.
* References:
  * http://www.cert.org/advisories/CA-2003-09.html
  * http://www.microsoft.com/technet/security/bulletin/ms03-007.asp
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0109
  * http://www.iss.net/security_center/static/11533.php
  * http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029
* Platforms Affected: Microsoft IIS 4.0, Microsoft IIS 5.0, Microsoft IIS 6.0, Microsoft IIS 7.0, Microsoft IIS 8.0, Microsoft IIS 10.0
| Recommendation |
If use of IIS WebDAV is required, ensure that all available patches have been applied, in line with security best practice.
-- OR --
If use of WebDAV is not required, disable it on the system. To disable WebDAV:
1. Use the IIS Lockdown tool, available here: http://www.microsoft.com/downloads/release.asp?ReleaseID=43955
2. Alternatively, disable WebDAV by following the instructions in Microsoft Knowledge Base article 241520, "How to Disable WebDAV for IIS 5.0": http://support.microsoft.com/default.aspx?scid=kb;en-us;241520
   To completely disable WebDAV, including PUT and DELETE requests, make the following change in the registry:
   1) Start Registry Editor (Regedt32.exe).
   2) Locate and click the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters
   3) On the Edit menu, click Add Value, and then add the following registry value:
      Value name: DisableWebDAV
      Data type: DWORD
      Value data: 1
3. You may also wish to use URLScan, which can block requests that use the 'PROPFIND' method. Information about URLScan is available at: http://support.microsoft.com/default.aspx?scid=kb;[LN];326444
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 11537 (ISS) |