May 18, 2009

New Microsoft IIS flaw

A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated “moderately critical” and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDav until more details about the vulnerability are uncovered. — AM
Related Articles
Related Topics

Sign up to our newsletters

More in News

Bitcoin mining botnet has become one of the most prevalent cyber threats

Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.

House Intelligence Committee OKs amended version of controversial CISPA

House Intelligence Committee OKs amended version of controversial ...

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

Judge rules hospital can ask ISP for help ...

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.