Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability

info
discussion
exploit
solution
references

Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

There is no exploit required. The following proof-of-concept exploit have been made available:

/data/vulnerabilities/exploits/ne0.c
/data/vulnerabilities/exploits/MSIISpropFindAndSearchDoS.c