Denial of Service Vulnerability in Microsoft WebDAV XML Message Handler
A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XML Message Handler could result in a Denial of Service (DoS) condition on the vulnerable system.
October 12, 2004
Reported October 12, 2004, byMicrosoft
VERSIONS AFFECTED
DESCRIPTION
A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XMLMessage Handler could result in a Denial of Service (DoS) condition on thevulnerable system. A potential attacker could exploit this vulnerability bysending a specially crafted WebDAV request to a server that's running MicrosoftIIS and WebDAV, which could cause WebDAV to consume all available memory andCPU time on an affected server. The IIS service would have to be restarted torestore functionality.
VENDOR RESPONSE
Microsoft has releasedbulletin MS04-030, "Vulnerability in WebDAV XML Message HandlerCould Lead to a Denial of Service (824151)," to address this vulnerabilityand recommends that affected users apply the appropriate patch listed in thebulletin.
CREDIT
Discovered by Amit Klein and Sanctum.
Read more about:
MicrosoftAbout the Author
You May Also Like