Malformed WebDAV request can cause IIS to exhaust CPU resources

Article translations Article translations
Article ID: 291845
This article has been archived. It is offered "as is" and will no longer be updated.
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx
Expand all | Collapse all

Symptoms

World Wide Web Distributed Authoring and Versioning (WebDAV) is an extension to the HTTP protocol that allows remote authoring and management of Web content. In the Windows 2000 implementation of the protocol, Microsoft Internet Information Services (IIS) 5.0 performs the initial processing of all WebDAV requests, and then forwards the appropriate commands to the WebDAV process. However, a flaw exists in the way WebDAV handles a particular type of malformed request. If a stream of such malformed requests is directed at an affected server, it consumes all CPU availability on the server.

Mitigating Factors:
  • The effect of an attack through this vulnerability is temporary. The server automatically resumes normal service as soon as the malformed requests stop arriving.
  • This vulnerability does not provide an attacker with any capability to carry out WebDAV requests.
  • This vulnerability does not provide any capability to compromise data on the server or gain administrative control over the server.
Microsoft recommends that customers apply the patch described in this article to any servers running IIS 5.0. Although this includes Web servers, other services may also require that IIS 5.0 be enabled. For example, Exchange 2000 Server uses IIS 5.0 to provide Outlook Web Access (OWA) services. Therefore, computers running Exchange 2000 Server that provide OWA services should implement the patch to protect their IIS 5.0 services from this vulnerability.

Resolution

To resolve this problem, obtain the latest service pack for Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
The English version of this fix should have the following file attributes or later:
   Date        Time    Version      Size     File name
   -----------------------------------------------------
   03/12/2001  10:57a  0.9.3940.20  439,056  Httpext.dll
				
IMPORTANT: If you previously performed the workaround described in article Q241520, the following dialog box may be displayed when you install this fix:
Copy Error Setup cannot copy the file httpext.dll. Ensure that the location specified below is correct, or change it and insert 'Windows 2000 System Files' in the drive you specify. Copy files from: (drop down box below) c:\%windir%\system32\inetsrv
To bypass this dialog box, follow these steps to re-enable WebDAV:
  1. Open Windows Explorer.
  2. Go to your %SystemRoot%\System32\Inetsrv folder.
  3. Right-click your Httpext.dll file, and then click Properties.
  4. Click the Security tab.
  5. Select Everyone, and then click Remove.
  6. Select the Allow inheritable permissions from parent to propagate to this object check box, and then click Apply.
  7. Click OK to exit the Properties dialog box.

Workaround

For more information about how to work around this problem, click the following article number to view the article in the Microsoft Knowledge Base:
241520 How to disable WebDAV for IIS 5.0

Status

Microsoft has confirmed that this is a problem in Microsoft Windows 2000. This problem was first corrected in Windows 2000 Service Pack 2.

More information

For more information on this vulnerability, see the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms01-016.mspx
For more information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the following article number to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 hotfixes

Properties

Article ID: 291845 - Last Review: June 19, 2014 - Revision: 5.0
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbwin2000presp2fix KB291845

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com