Tuesday, May 19, 2009

Microsoft IIS6 WebDAV bug

Microsoft has issued an advisory about a new vulnerability being discovered in IIS6 WebDAV component which leads to authentication bypass and can allow an attacker to gain access to the web server and upload malicious files which can lead to a complete compromise of the system.

Till the vulnerability is confirmed, Microsoft has asked users to disable WebDAV and apply ACLS.

The Microsoft Advisory can be found at microsoft technet security website and more details about this vulnerability can be found in this pdf at SecLists.Org.


No comments: