Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability

2009-06-09T00:00:00
ID SMNTC-35232
Type symantec
Reporter Symantec Security Response
Modified 2009-06-09T00:00:00

Description

Description

Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication. An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks. This issue affects IIS 5.0.

Technologies Affected

  • Avaya Messaging Application Server
  • Avaya Messaging Application Server MM 1.1
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Microsoft IIS 5.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.

Run all software as a nonprivileged user with minimal access rights.
To limit the consequences of successful exploits, run server processes within a restricted environment using facilities such as chroot or jail.

Microsoft has released an advisory and fixes for this issue. Please see the references for details.