“US-CERT Current Activity

Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability

Original release date: May 18, 2009 at 8:54 am Last revised: May 18, 2009 at 8:54 am

US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of unicode tokens.

Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability.

US-CERT encourages users to implement the following workaround to help mitigate the risks until a patch or update is available from the

vendor: Disable WebDAV. Administrators who are unable to disable WebDAV may be able to mitigate some risk by configuring their IDS to refuse external HTTP requests containing “Translate: f” headers. Please note that disabling WebDAV may affect the functionality of other applications such as SharePoint.

US-CERT will provide additional information as it becomes available.

====

This entry is available at

http://www.us-cert.gov/current/index.html#microsoft_internet_information_services_iis“