• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft IIS WebDAV Denial Of Service Vulnerability

A denial of service vulnerability has been reported for Microsoft IIS 5 and 5.1. This vulnerability is related to how IIS allocates memory for WebDAV requests. Any specially crafted WebDAV requests may result in IIS allocating an extremely large amount of memory on the server. Several malformed requests sent to the server will result in the vulnerable system failing to respond to further legitimate requests for service. This vulnerability affects IIS 5.0 and 5.1 only.

This vulnerability was originally described in BugTraq ID 6068. It is now being assigned its own BugTraq ID.

** Reports suggest that numerous hosts have been scanned in an attempt to exploit this vulnerability. Although unconfirmed, this may be the result of a system of automated attacks.