漏洞类别:Web server漏洞等级: 
漏洞信息
WebDAV is an extension of the HTTP protocol and is installed by default on Microsoft IIS Version 5.0. WebDav enables remote users to manage and collaboratively edit files on remote Web servers.
WebDAV contains a flaw in the handling of certain requests. By submitting a valid, yet unusually long WebDAV 'search' request, a malicious user could restart the IIS services and possibly cause the server to stop responding.
Note: If you've already applied the appropriate patch (see the Solution field below), then you can safely disregard this vulnerability.
漏洞危害
Successful exploitation of this vulnerability could cause the server to crash, making it unable to accept new HTTP sessions.
解决方案
Microsoft has released a patch for IIS Version 5.0. To download the patch and get instructions on how to apply it, readMicrosoft Security Bulletin (MS01-016).
If you do not need WebDAV, then you can disable it by following the instructions outlined in the Microsoft article, "How to disable WebDav for IIS 5.0".
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论