Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

The remote service is vulnerable to information disclosure.

Description :

It is possible to retrieve a listing of the remote
directories accessible via HTTP, rather than their index.html,
using the Index Server service, which provides WebDAV capabilities
to this server.

This problem allows an attacker to gain more knowledge
about the remote host, and may make him aware of hidden
HTML files.

See also :

http://support.microsoft.com/kb/272079

Solution :

Disable the Index Server service.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:U/RC:ND)

Family: Web Servers

Nessus Plugin ID: 10526

Bugtraq ID: 1756

CVE ID: CVE-2000-0951
