Skip navigation

Denial of Service Vulnerability in Microsoft WebDAV XML Message Handler

Reported October 12, 2004, by Microsoft


  • Windows Server 2003
  • Windows XP Service Pack 1 (SP1) and earlier
  • Windows 2000

A vulnerability in the WWW Distributed Authoring and Versioning (WebDAV) XML Message Handler could result in a Denial of Service (DoS) condition on the vulnerable system. A potential attacker could exploit this vulnerability by sending a specially crafted WebDAV request to a server that's running Microsoft IIS and WebDAV, which could cause WebDAV to consume all available memory and CPU time on an affected server. The IIS service would have to be restarted to restore functionality.

Microsoft has released bulletin MS04-030, "Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)," to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

Discovered by Amit Klein and Sanctum.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.