Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix disclosure date for WebDAV module #11868

Merged
merged 1 commit into from May 22, 2019

Conversation

Projects
None yet
3 participants
@todb-r7
Copy link
Contributor

commented May 22, 2019

The disclosure date for this module claimed to be in 1994, which made it one of the oldest vulnerabilities exercised by Metasploit. However, this seems unlikely, for two reasons:

  • The SecurityFocus BID 12141 claims the vulnerability was first published on Dec 31, 2004. This seems to be the only reliable reference for this vulnerability.
  • The WebDAV specification itself wasn't described until 1999, in RFC 2518.

Verification

  • Start msfconsole
  • info exploit/windows/iis/iis_webdav_upload_asp
  • Verify date disclosure date is in 2004, not 1994.

@wvu-r7 wvu-r7 self-assigned this May 22, 2019

wvu-r7 added a commit to wvu-r7/metasploit-framework that referenced this pull request May 22, 2019

@wvu-r7 wvu-r7 merged commit 5523dce into rapid7:master May 22, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@wvu-r7

This comment has been minimized.

Copy link
Contributor

commented May 22, 2019

Release Notes

This fixes the disclosure date in the windows/iis/iis_webdav_upload_asp exploit module.

msjenkins-r7 added a commit that referenced this pull request May 22, 2019

@gdavidson-r7 gdavidson-r7 added the rn-fix label May 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.