Check Point Reference: | CPAI-2004-189 |
Date Published: | 8 Dec 2009 |
Severity: | Critical |
Last Updated: | Tuesday 08 December, 2009 |
Source: | |
Industry Reference: | CVE-2003-0718 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | The WebDAV protocol (Web-based Distributed Authoring and Versioning) is an extension to HTTP/1.1 that provides a capability for web page authoring over HTTP. The Microsoft WebDAV component is provided with Microsoft Internet Information Services Server (IIS) in order to provide support for WebDAV. This component is installed and enabled by default in IIS 5.0, and is an installable option in IIS 5.1 or 6.0. A vulnerability exists in the Microsoft WebDAV XML message handler. By sending a specially crafted WebDAV request, an attacker is able to trigger this vulnerability on a vulnerable server running Microsoft IIS and WebDAV. Such a specially crafted request can cause the WebDAV XML message handler to consume large amounts of memory and CPU resources, creating a denial of service condition. If the vulnerability is triggered once with a single crafted WebDAV message, the IIS server may continue to service requests with degraded performance. The service likely will return to normal resource consumption levels several minutes after the attack is complete. If the vulnerability is triggered multiple times, or with a WebDAV message containing a very large number of attributes, the IIS server may become completely unresponsive and all web service may be suspended. User intervention is required to restart IIS on the target to restore service. |
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Server Enforcement Violation.
Attack Information: Microsoft IIS WebDAV XML message handler denial of service (MS04-030)