GEN:SID | 1:1070 |
Message | WEB-MISC WebDAV search access |
Summary | This event is generated when an attempt is made to initiate a WebDAV SEARCH on a web server.
|
Impact | Information gathering. Potential Denial of Service (DoS).
|
Detailed Information | IIS 5.0 includes an implementation of WebDAV for purposes of web publishing. As shipped, it contains two vulnerabilities that can allow an attacker to get a complete directory listing from the web root and to DoS the web server.
If the target is IIS 5.0, then an attacker may have gotten a complete directory listing from within the web root, which can be useful information for attackers (could be a prelude to a more serious attack). IIS 5.0's WebDAV implementation is also vulnerable to a Denial of Service vulnerability if the search string is too long.
|
Affected Systems | IIS 5.0 Any web server running WebDAV, though no exploits are known for servers other than IIS 5.0.
|
Attack Scenarios | Attacker gets a listing by sending something like: SEARCH / HTTP/1.1 Attacker DoSes the web server using pre-existing tools.
|
Ease of Attack | Simple.
|
Corrective Action | Check the host for signs of compromise.
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
Disallow WebDAV access to the server from resources external to the protected network.
|
Additional References | CVE: CVE-2000-0951 Bugtraq: BID 1756 Bugtraq: BID 2483
|
Rule References | arachnids: 474
bugtraq: 1756
cve: 2000-0951
|