HISTORICAL: Protecting the system from the Microsoft IIS WebDAV vulnerability

Technote (FAQ)


Question

How to protect the system from the Microsoft IIS WebDAV vulnerability?

Affected Versions:
IIS 5.0 on Windows 2000 up to and including Service Pack 3
Note: IIS installations on Windows XP, Windows Server 2003 are not affected.

Answer

Microsoft Internet Information Services (IIS) is Microsoft's web server. IIS version 5.0 supports the Distributed Authoring and Versioning (also known as DAV or WebDAV) extensions to the HTTP protocol. WebDAV extensions are used to remotely manage Web content on IIS servers. A recently discovered vulnerability was discovered in the WebDAV component that may allow attackers to run arbitrary code on vulnerable Web servers. This problem is compounded due to the fact that WebDAV is enabled by default on IIS 5.0 installations and also because the attacker does not require any special privileges or authentication to remotely take advantage of this vulnerability. IBM Security Solutions recommends immediately disabling WebDAV. Using the IIS Lockdown Tool from Microsoft may or may not fully disable WebDAV, depending on which server template was selected at the time of install. IBM Security Solutions recommends manually disabling WebDAV by editing the registry.

WARNING: Incorrectly using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. IBM Security Solutions cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. To completely disable WebDAV from your IIS 5.0 installation, please perform the following steps:

1. Start the Microsoft Registry Editor. Start-->Run--->Regedit32.exe
2. Locate and click the following key in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

3. On the 'Edit' menu, click on 'Add Value' and then add the following registry value:

Value name: DisableWebDAV
Data type: DWORD
Value data: 1


If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.

Cross reference information
Segment Product Component Platform Version Edition
Security Proventia Web Filter IBM Security Virtual Server Protection for Vmware

Historical Number

1925

Product Alias/Synonym

Internet Scanner
General Security Information
Proventia Appliance
Proventia Web Filter
Proventia Filter Reporter
IBM Proventia Network IDS - A
IBM Proventia Network IPS - G
IBM Proventia Network MFS - M
Proventia Mail Filter
Proventia Desktop
RealSecure Server Sensor
RealSecure Network Sensor
SiteProtector Security Fusion Module
SiteProtector Event Collector
Proventia Server - Windows
Proventia Network ADS
Enterprise Scanner
Proventia Server - Linux
Proventia Network Mail Security
Proventia for Crossbeam
Lotus Protector for Mail Security
Lotus Protector Mail
Fidelis Fidelis XPS CommandPost
Fidelis Fidelis XPS Internal
Fidelis Fidelis XPS Direct
Fidelis Fidelis XPS Mail
Fidelis Fidelis XPS Proxy
Proventia Network Security Controller
Proventia Network IPS Virtual Appliance
Proventia Web Protection
Proventia Endpoint Secure Control
Proventia Network Active Bypass
Virtual Server Security for VMware
Proventia Server for VMWare

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Internet Scanner Software

Software version:

7.0.2

Operating system(s):

Windows

Reference #:

1434554

Modified date:

2011-05-25

Translate my page

Machine Translation

Content navigation