[原文]A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
If Index Server is enabled in Microsoft Internet Information Server 5.0, it is possible for a remote user to view the entire root directory structure and all sub-directories due to a flaw in the Web Distributed Authoring and Versioning (WebDAV) search implementation. Hidden directories, include files (*.inc), or other documents that would not normally be accessible through the regular website interface can be exposed through this exploit.
Successful exploitation could lead to the discovery of certain files that may contain sensitive information such as usernames and passwords.
The Index Server is disabled by default in IIS 5.0 and only directories that have the 'Index' property set are affected by this vulnerability.
SEARCH / HTTP/1.1
Select "DAV:displayname" from scope()
Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
Remote / Network Access
Loss of Confidentiality
Microsoft IIS supports the SEARCH HTTP method in Web Distributed Authoring and Versioning (WebDAV), which contains a flaw that may lead to an unauthorized information disclosure. When the Index Server is enabled, it is possible for a remote attacker to arbitrary view directory listings and gain access to sensitive information such as hidden directories or files containing passwords, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: If the Index Server is not essential for your site, disable or uninstall the service. If you need the Index Server, make sure that you disable the 'Index this resource' option for directories which contains sensitive information. Consult your documentation or vendor for detailed instructions on how to accomplish this.