IIS 5.0 PROPFIND Vulnerability Network Vulnerability

Summary

It was possible to disable the remote IIS server by making a variation of a specially formed PROPFIND request. An attacker, exploiting this vulnerability, would be able to render the web service useless. If the server is 'business critical', the impact could be high.

Solution

disable the WebDAV extensions, as well as the PROPFIND command See http://support.microsoft.com/support/kb/articles/Q241/5/20.AS

References

http://www.microsoft.com/technet/security/bulletin/MS01-016.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2001-0151

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

F-PROT Antivirus Multiple Vulnerabilities
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
at32 Reverse Proxy Multiple HTTP Header Fields Denial Of Service Vulnerability
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
Ciscokits TFTP Server Long Filename Denial Of Service Vulnerability

Take action and discover your vulnerabilities