Contents tagged with WebDAV
-
Update for WebDAV vulnerability on IIS 5.x and IIS 6
We now have a security update available to address the WebDAV extension vulnerability reported earlier. All customers affected should apply the update even if they have mitigated the issue through a workaround.
-
WebDAV Authentication Bypass on IIS 5.0, 5.1 and 6.0
Microsoft has released advisory 971492 about an Elevation of Privilege issue with the WebDAV extension for IIS 5.0, 5.1 and 6.0. These versions of IIS reside on Windows Server 2000, Windows XP and Windows Server 2003 respectively. The advisory contains relevant information for who is affected and what the mitigations and workarounds are. The Microsoft Security Response Center (MSRC) has also release a blog outlining our response and the Security Research & Defense team has a blog outlining technical details.