exploits , vulnerabilities , articles , Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability

Title	Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
Published	2003-05-28-12:00AM
Updated	2004-10-16-04:16PM
Class	Failure to Handle Exceptional Conditions
CVE	CAN-2003-0226
Remote	Yes
Local	No
Credit	Discovery is credited to SPI Labs <spilabs@spidynamics.com> and Mark Litchfield <mark@ngssoftware.com>.
Vulnerable	Microsoft IIS 5.1 Microsoft Windows XP 64bit Edition Microsoft Windows XP 64bit Edition SP1 Microsoft Windows XP Home Microsoft Windows XP Home SP1 Microsoft Windows XP Professional Microsoft Windows XP Professional SP1 Microsoft IIS 5.0 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Server Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server SP2
Not Vulnerable	Microsoft IIS 6.0 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Datacenter Edition 64-bit Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Enterprise Edition 64-bit Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition
Code	CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild. There is no exploit required. The following proof-of-concept exploit have been made available: /data/vulnerabilities/exploits/ne0.c /data/vulnerabilities/exploits/MSIISpropFindAndSearchDoS.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-04 Rae Media Web Based Contact Management Login SQL Injection Vulnerability
• 2008-12-04 Nagios External Commands and Adaptive Commands Unspecified Vulnerability
• 2008-12-04 Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 mvnForum Cross Site Scripting Vulnerability
• 2008-12-04 i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-12-04 Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
• 2008-12-04 Jbook SQL Injection Vulnerability
• 2008-12-04 SquirrelMail Malformed HTML Mail Message HTML Injection Vulnerability
• 2008-12-04 HP-UX Unspecified Local Denial Of Service Vulnerability
• 2008-12-04 Netrw Vim Script Information Disclosure Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 05 Dec 2008 17:04:13 +0000