IIS 5.0 PROPFIND Vulnerability Network Vulnerability

Summary

It was possible to disable the remote IIS server by making a variation of a specially formed PROPFIND request. An attacker, exploiting this vulnerability, would be able to render the web service useless. If the server is 'business critical', the impact could be high.

Solution

disable the WebDAV extensions, as well as the PROPFIND command See http://support.microsoft.com/support/kb/articles/Q241/5/20.AS

References

http://www.microsoft.com/technet/security/bulletin/MS01-016.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2001-0151
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
Avahi Denial of Service Vulnerability
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
avast! AntiVirus Multiple BOF Vulnerabilities (Linux)

Take action and discover your vulnerabilities