Denial of Service Vulnerability in Microsoft WebDAV XML Message Handler

A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XML Message Handler could result in a Denial of Service (DoS) condition on the vulnerable system.

Ken Pfeil

October 12, 2004

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Reported October 12, 2004, byMicrosoft

VERSIONS AFFECTED

DESCRIPTION
A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XMLMessage Handler could result in a Denial of Service (DoS) condition on thevulnerable system. A potential attacker could exploit this vulnerability bysending a specially crafted WebDAV request to a server that's running MicrosoftIIS and WebDAV, which could cause WebDAV to consume all available memory andCPU time on an affected server. The IIS service would have to be restarted torestore functionality.

VENDOR RESPONSE
Microsoft has releasedbulletin MS04-030, "Vulnerability in WebDAV XML Message HandlerCould Lead to a Denial of Service (824151)," to address this vulnerabilityand recommends that affected users apply the appropriate patch listed in thebulletin.

CREDIT
Discovered by Amit Klein and Sanctum.

Read more about:

Microsoft
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like