
SANS ISC: IIS admins, help finding WebDAV - SANS Internet Storm Center SANS ISC InfoSec Forums


IIS admins, help finding WebDAV

Microsoft have pointed to one of their KB articles for helping admins in an enterprise to locate IIS boxes with WebDAV enabled. It is located here. There is also a blog post here with some FAQ on WebDAV. This is particularly useful if you are concerned about IIS 6.0 WebDAV Remote Auth Bypass on internal systems.

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

 

Adrien de Beaupre

353 Posts
ISC Handler
A test Comment from MH
Mark

391 Posts
ISC Handler
But has anyone answered *definitively* whether or not SharePoint is impacted?
Mark
3 Posts
@CH
See http://blogs.technet.com/srd/archive/2009/05/20/answers-to-the-iis-webdav-authentication-bypass-questions.aspx for an answer (not only) to that question: "No, Sharepoint is not vulnerable to this vulnerability. The Sharepoint team does not use the same code as IIS. Their DAV server goes against their backend SQL store, not the file system."
Anonymous
another quick test comment. If your comments don't show up with a diary, please use the feedback form at isc.sans.org/…
Johannes

3479 Posts
ISC Handler
Apropos SharePoint:
http://blogs.msdn.com/sharepoint/archive/2009/05/21/attention-important-information-on-service-pack-2.aspx
"We take product quality seriously and make every effort to avoid and resolve issues that adversely impact our customers. Unfortunately, we have recently discovered a bug with Service Pack 2 (SP2) that affects all customers that have deployed it for SharePoint Server 2007.

During the installation of SP2, a product expiration date is improperly activated. This means SharePoint will expire as though it was a trial installation 180 days after SP2 is deployed."
Anonymous
