Re: Article on WebDAV Vulnerability (MS03-007)

From: Kyle Lai (
Date: 03/25/03

From:     Kyle Lai <>
Date: Mon, 24 Mar 2003 15:40:23 -0800

Systems that have the patch applied should definitely use IISLockdown
and URLScan utilities to fully protect themselves from WebDAV and other

URLScan and IISLockdown tools alone are not enough to protect this
WebDAV vulnerability. If you want to read all the DLL's that were
effected without the patch, please refer to David Litchfield's paper,
and the URL is referenced in the KLC Consulting's article

The KLC article will have on-going updates as new and critical
information becomes available.

If you use Nessus, the detection rules is available from the Nessus
site. It uses the "SEARCH" command to test for WebDAV vulnerabilities.


KLC Consulting, Inc.

*** Sent via Developersdex ***
Don't just participate in USENET...get rewarded for it!