Check Point Advisories

Microsoft IIS WebDAV XML Message Handler Denial of Service (MS04-030; CVE-2003-0718)

Check Point Reference: CPAI-2004-189
Date Published: 8 Dec 2009
Severity: Critical
Last Updated: Tuesday 08 December, 2009
Source:
Industry Reference:CVE-2003-0718
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description The WebDAV protocol (Web-based Distributed Authoring and Versioning) is an extension to HTTP/1.1 that provides a capability for web page authoring over HTTP. The Microsoft WebDAV component is provided with Microsoft Internet Information Services Server (IIS) in order to provide support for WebDAV. This component is installed and enabled by default in IIS 5.0, and is an installable option in IIS 5.1 or 6.0. A vulnerability exists in the Microsoft WebDAV XML message handler. By sending a specially crafted WebDAV request, an attacker is able to trigger this vulnerability on a vulnerable server running Microsoft IIS and WebDAV. Such a specially crafted request can cause the WebDAV XML message handler to consume large amounts of memory and CPU resources, creating a denial of service condition. If the vulnerability is triggered once with a single crafted WebDAV message, the IIS server may continue to service requests with degraded performance. The service likely will return to normal resource consumption levels several minutes after the attack is complete. If the vulnerability is triggered multiple times, or with a WebDAV message containing a very large number of attributes, the IIS server may become completely unresponsive and all web service may be suspended. User intervention is required to restart IIS on the target to restore service.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Microsoft IIS WebDAV XML Message Handler Denial of Service (MS04-030) protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Microsoft IIS WebDAV XML message handler denial of service (MS04-030)

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK