lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 27 May 2009 12:51:50 -0700
From: Steve Friedl <>
Subject: New paper: Understanding Microsoft's KB971492 IIS WebDAV Vuln

Hello all,

There has been a fair amount written on the vulnerability itself, but
there's a large cohort who has no idea if their systems are at risk
("What is WebDAV, and how do I know if I have or need it???").

So I've written a paper that lets one self-assess to see if this is
an issue or not, mainly with a flowchart the gets to a not-vulnerable
place reliably. Tech Tip: Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability

Those who find WebDAV enabled still have to find local experts to help
figure out if they have a problem or not, but this should help the bulk
of users who are not at risk.

I hope this is helpful.


Stephen J Friedl  | Security Consultant |  UNIX Wizard  | 714 694-0494 | Orange County, CA   | Microsoft MVP |

Powered by blists - more mailing lists