Network Security, Patch/Configuration Management, Vulnerability Management

New Microsoft IIS flaw

A vulnerability in Microsoft Internet Information Services (IIS) web server could enable an attacker to access or upload files to protected WebDAV folders. The SANS Internet Storm Center said in a blog post that "adding certain Unicode characters to an URL makes it possible to bypass authentication in IIS." The vulnerability was rated “moderately critical” and affects Microsoft IIS 5.1 and 6.0, according to an advisory from Secunia. Storm Center handlers recommended turning off WebDav until more details about the vulnerability are uncovered. — AM

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.