|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
Microsoft IIS with WebDAV contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a malformed PROPFIND request containing an empty Host: header, which will disclose the server's internal IP address.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Open a command prompt and change the current directory to c:\inetpub\adminscripts or to where the adminscripts can be found. Run the commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
|
|
Products |
|
Internet Information Server
 |
4 |
5 |
5.1 |
|
|
|
|
|
|
|
Credit |
- David Litchfield - david
 ngssoftware.com - NGSSoftware
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
