GEN:SID 1:1070
Message WEB-MISC WebDAV search access
Summary This event is generated when an attempt is made to initiate a WebDAV SEARCH
on a web server.
Impact Information gathering. Potential Denial of Service (DoS).
Detailed Information IIS 5.0 includes an implementation of WebDAV for purposes of web publishing.
As shipped, it contains two vulnerabilities that can allow an attacker
to get a complete directory listing from the web root and to DoS the
web server.

If the target is IIS 5.0, then an attacker may have gotten a complete
directory listing from within the web root, which can be useful information
for attackers (could be a prelude to a more serious attack).  IIS 5.0's
WebDAV implementation is also vulnerable to a Denial of Service vulnerability
if the search string is too long.
Affected Systems IIS 5.0
    Any web server running WebDAV, though no exploits are known for servers
    other than IIS 5.0.
Attack Scenarios Attacker gets a listing by sending something like:
SEARCH / HTTP/1.1
Attacker DoSes the web server using pre-existing tools.
Ease of Attack Simple.
Corrective Action Check the host for signs of compromise.

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Disallow WebDAV access to the server from resources external to the
protected network.
Additional References CVE:  CVE-2000-0951
Bugtraq:  BID 1756
Bugtraq:  BID 2483
Rule References arachnids: 474
bugtraq: 1756
cve: 2000-0951