Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing

Medium Nessus Plugin ID 10526


The remote service is vulnerable to information disclosure.


It is possible to retrieve a listing of the remote directories accessible via HTTP, rather than their index.html, by using the Index Server service, which provides WebDAV capabilities to this server.

This problem allows an attacker to gain more knowledge about the remote host, and may make the attacker aware of hidden HTML files.


Disable the Index Server service.


Plugin Details

Severity: Medium

ID: 10526

File Name: webdav_iis.nasl

Version: $Revision: 1.22 $

Type: remote

Family: Web Servers

Published: 2000/10/05

Modified: 2016/11/29

Dependencies: 10107, 11919, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

Vulnerability Publication Date: 2000/10/04

Reference Information

CVE: CVE-2000-0951

BID: 1756

OSVDB: 425