View full version: Web Servers: Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial



chico1988
04-06-2007, 17:31
A friend of mine has a website that has the following bug:

Microsoft Internet Information Services has been reported vulnerable to a denial of service. When WebDAV receives excessively long requests to the 'PROPFIND' or 'SEARCH' variables, the IIS service will fail. All current web, FTP, and email sessions will be terminated. IIS will automatically restart and normal service will resume. ** It has been reported that if a WebDAV request with a certain number of bytes is received, the Inetinfo service will remain alive but cease serving requests. This will cause the IIS server to stop serving requests until the service is manually restarted.

It is the denial of service (DoS) bug; how can he fix it? Please help.

Cypress
05-06-2007, 04:12
Solution:
http://www.securityfocus.com/bid/7735/solution

chico1988
05-06-2007, 08:35
Many thanks, Cypress. It also has the Cross Site Scripting (XSS) vulnerability, which affects JavaScript, VBScript, ActiveX, HTML or Flash; they have to be updated to fix the flaw. Here are more details:

Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
This vulnerability affects /1/1_1_6.asp.
The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Attack details
The GET variable sentF has been set to >"><ScRiPt%20%0a%0d>alert(1669422178)%3B</ScRiPt>.


View HTTP headers

Request
GET /1/1_1_6.asp?sentF=>"><ScRiPt%20%0a%0d>alert(1669422178)%3B</ScRiPt> HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.XXXXXXX.org
Cookie: ASPSESSIONIDSCRTQCDB=MPIPGODDCMLEHOAOGGHPJPMF;PREF =ID=44b1585dcd55627a:TM=1180253156:LM=1180253156:S =C6vZ9v7rVzVaEwjx
Connection: Close
Pragma: no-cache
Response
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 27 May 2007 08:16:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 26023
Content-Type: text/html
Cache-control: private
Cross Site Scripting
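
An added example, not part of the original post or of the scanner's report: it reflects the `sentF` value from the request above into an assumed template (the thread does not show the source of 1_1_6.asp), once as-is and once HTML-encoded, and reports what an HTML parser then sees. In classic ASP the built-in that performs this encoding is `Server.HTMLEncode`.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Value of the sentF parameter exactly as it appears in the scanner's request.
RAW_QUERY_VALUE = '>"><ScRiPt%20%0a%0d>alert(1669422178)%3B</ScRiPt>'

# Assumed template: the thread does not show how 1_1_6.asp uses sentF.
TEMPLATE = '<input type="text" name="sentF" value="{}">'


def render_unencoded(value: str) -> str:
    """Reflect the parameter as-is (the behaviour the scanner flagged)."""
    return TEMPLATE.format(value)


def render_encoded(value: str) -> str:
    """Reflect the parameter after HTML-encoding <, >, & and both quotes."""
    return TEMPLATE.format(html.escape(value, quote=True))


class _Inspector(HTMLParser):
    """Records the elements an HTML parser finds in the rendered markup."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":          # tag names arrive lower-cased
            self.script_tags += 1
        elif tag == "input":
            self.input_value = dict(attrs).get("value")


def inspect_markup(markup: str):
    """Return (number of <script> elements, parsed value of the input field)."""
    parser = _Inspector()
    parser.feed(markup)
    parser.close()
    return parser.script_tags, parser.input_value


if __name__ == "__main__":
    sent_f = unquote(RAW_QUERY_VALUE)  # what the server sees after URL-decoding
    print("unencoded:", inspect_markup(render_unencoded(sent_f)))
    print("encoded:  ", inspect_markup(render_encoded(sent_f)))
```

Encoded, the whole parameter stays inside the `value` attribute as data; unencoded, the leading `>"` ends the attribute early and the rest is parsed as a script element.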

chico1988
06-06-2007, 17:05
Is this vulnerability that hard to fix??

Cypress
07-06-2007, 03:44
The thing is, if you don't give the name, it's hard to search for; what you can do is go to www.securityfocus.com, that site is great!!
There you can find how to patch your vulnerability, you can find the exploits for that vulnerability (the catch is that they have to be modified), explanations, and discussions about it.
I don't know which scanner you used, but copy the exact name the scanner gives you and paste it into the SecurityFocus search box; you'll surely find it there. Otherwise, use Google, e.g.: blablabla site:securityfocus.com

You use Google to search within the site.

I hope this helps, but as always the best way to patch any vulnerability is to update the whole server, technology or whatever it is.

Regards,
Cypress

chico1988
07-06-2007, 09:51
Many thanks, Cypress, for your attention and for the answer. Regards

Tcp_syn
11-06-2007, 09:55
Solution 2: http://www.desarrolloweb.com/articulos/1379.php (installing the Apache server)
The most widely used server on the internet.

Regards.