Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: IIS admins, help finding WebDAV - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
IIS admins, help finding WebDAV

Microsoft have pointed to one of their KB articles for helping admins in an enterprise to locate IIS boxes with WebDAV enabled. It is located here. There is also a blog post here with some FAQ on WebDAV. This is particularly useful if you are concerned about IIS 6.0 WebDav Remote Auth Bypass on internal systems.

Adrien de Beaupré Inc.


Adrien de Beaupre

353 Posts
ISC Handler
May 21st 2009
A test Comment from MH

392 Posts
ISC Handler
But has anyone answered *definitively* whether or not Sharepoint is impacted?
3 Posts
See for an answer (not only) to that question: "No, Sharepoint is not vulnerable to this vulnerability. The Sharepoint team does not use the same code as IIS. Their DAV server goes against their backend SQL store, not the file system."
another quick test comment. If your comments don't show up with a diary, please use the feedback form at…

4504 Posts
ISC Handler
Apropos Sharepoint:
"We take product quality seriously and make every effort to avoid and resolve issues that adversely impact our customers. Unfortunately, we have recently discovered a bug with Service Pack 2 (SP2) that affects all customers that have deployed it for SharePoint Server 2007.

During the installation of SP2, a product expiration date is improperly activated. This means SharePoint will expire as though it was a trial installation 180 days after SP2 is deployed."

Sign Up for Free or Log In to start participating in the conversation!