AnsweredAssumed Answered

Microsoft IIS 6.0 Buffer Overflow Zero Day

Question asked by adamc on Apr 3, 2017
Latest reply on Apr 4, 2017 by Albert Ros

How is this vulnerability (CVE-2017-7269) identified?  I see QID 87284 as the identifier however when I review the 6 or so instances that are flagged in my environment, only 1 is actually vulnerable due to being the only one with WebDAV service running.  It appears that this QID simply looks for IIS 6.0 installations.

 

Wouldn't a better detection be to identify instances of IIS 6.0 with WebDAV service running and PROPFIND enabled?  

QID 86241 - WebDAV HTTP Method "PROPFIND" Enabled

Outcomes