Re: Article on WebDAV Vulnerability (MS03-007)
From: Kyle Lai (firstname.lastname@example.org)
Date: Mon, 24 Mar 2003 15:40:23 -0800
Systems that have the patch applied should definitely use IISLockdown
and URLScan utilities to fully protect themselves from WebDAV and other
URLScan and IISLockdown tools alone are not enough to protect against this
WebDAV vulnerability. If you want to read about all the DLLs that were
affected without the patch, please refer to David Litchfield's paper;
the URL is referenced in KLC Consulting's article
The KLC article will have on-going updates as new and critical
information becomes available.
If you use Nessus, the detection rule is available from the Nessus
site. It uses the "SEARCH" command to test for WebDAV vulnerabilities.
Kyle Lai, CISSP, CISA
KLC Consulting, Inc.