May 19, 2009, 9:59AM
Microsoft confirms flaw in WebDAV in IIS
Comment Microsoft has confirmed the reported vulnerability in the WebDAV implementation in IIS 5.0, 5.1 and 6.0, saying that the flaw could be used to bypass the authentication mechanism on the Web server. However, the company said that there are a number of mitigating factors involved and that company security officials have not seen any attacks against the weakness so far.
Microsoft officials said that the vulnerability is mitigated by several things, including the fact that WebDAV is not enabled by default on IIS 6.0. However, the WebDAV protocol is widely used to share documents and information on Web servers. Normally implemented access control lists (ACLs), which prevent users from accessing files that they do not have permission to access, also would limit the damage of an attack.
The company also said that the vulnerability affects versions 5.0 and 5.1 of IIS, along with 6.0, which was the version that had been reported to be vulnerable originally. The most effective workaround until a patch is available is to disable WebDAV.
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
- Adobe's Security Chief Talks About Driving Up The Cost of Exploits
- Twenty Something Asks Facebook For His File And Gets It - All 1,200 Pages
- New Tool Cracks Apple iWork Passwords
- Google: Bug Bounty Program Has Made Users Safer
- After Damaging Reports, Electronics Manufacturing Giant Foxconn Is Hacked
Most Commented Stories
-
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit (7)
-
Flash With Sandbox in the Works for Firefox (4)
-
Apple Ships Huge Set of Patches for OS X (7)
-
Twenty Something Asks Facebook For His File And Gets It - All 1,200 Pages (55)
-
EU Asks Google to Delay Privacy Policy Changes (2)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
