US-CERT Current Activity – Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
The IIS WebDav exploit apparently has a new notification assosciated with it, the information is below:
US-CERT Current Activity
Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
Original release date: May 18, 2009 at 8:54 am Last revised: May 19, 2009 at 8:02 am
US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of unicode tokens.
Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. NTFS file ACLs will generally prevent the anonymous internet user from writing to an unauthorized area. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.
US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the
vendor:
Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing “Translate: f” headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.
Microsoft has released Security Advisory 971492 to provide information about this vulnerability. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.
Relevant Url(s):
<http://www.microsoft.com/technet/security/advisory/971492.mspx>
<http://www.kb.cert.org/vuls/id/787932>
====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_internet_information_services_iis
Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability
added May 18, 2009 at 08:54 am | updated May 19, 2009 at 08:02 am
US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of unicode tokens. Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. NTFS file ACLs will generally prevent the anonymous internet user from writing to an unauthorized area. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.
US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the vendor:
Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing “Translate: f” headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.
Microsoft has released Security Advisory 971492 to provide information about this vulnerability. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.
Pasted from <http://www.us-cert.gov/current/index.html>
