How is this vulnerability (CVE-2017-7269) identified? I see QID 87284 as the identifier; however, when I review the 6 or so instances that are flagged in my environment, only 1 is actually vulnerable due to being the only one with the WebDAV service running. It appears that this QID simply looks for IIS 6.0 installations.
Wouldn't a better detection be to identify instances of IIS 6.0 with WebDAV service running and PROPFIND enabled?
QID 86241 - WebDAV HTTP Method "PROPFIND" Enabled
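
The narrower check proposed in the question can be sketched as follows; this is an added example, not part of the original post and not Qualys's detection logic for either QID. It assumes that a server with WebDAV enabled advertises PROPFIND in the `Allow`/`Public` headers of its `OPTIONS` reply and sends a `DAV` header; the host names, sample replies and result labels are constructed for illustration.

```python
# Added example: triage hosts by what their HTTP OPTIONS reply advertises.
# Assumption: WebDAV-enabled servers list PROPFIND in Allow/Public and send
# a DAV header. The replies below are constructed samples, not captures.
import re

SAMPLES = {  # constructed host names and responses
    "web01": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
             "MS-Author-Via: DAV\r\nDAV: 1, 2\r\n"
             "Public: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH\r\n"
             "Allow: OPTIONS, TRACE, GET, HEAD, PROPFIND\r\n\r\n",
    "web02": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
             "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
             "Allow: OPTIONS, TRACE, GET, HEAD\r\n\r\n",
    "web03": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n"
             "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n\r\n",
}

def parse_headers(raw: str) -> dict:
    """Parse a raw HTTP response head into {lowercase-name: value}."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Repeated headers are folded into one comma-separated value.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers

def classify(raw: str) -> str:
    """Separate 'IIS 6.0 banner only' from 'IIS 6.0 with WebDAV and PROPFIND'."""
    h = parse_headers(raw)
    if not re.search(r"\bMicrosoft-IIS/6\.0\b", h.get("server", ""), re.I):
        return "not-iis6"
    methods = {m.strip().upper()
               for name in ("allow", "public")
               for m in h.get(name, "").split(",") if m.strip()}
    webdav = "dav" in h
    if webdav and "PROPFIND" in methods:
        return "iis6-webdav-propfind"
    if webdav or "PROPFIND" in methods:
        return "iis6-partial-webdav-signal"  # mixed signals: review by hand
    return "iis6-no-webdav"

def triage(samples: dict) -> dict:
    return {host: classify(raw) for host, raw in samples.items()}
```

A host that hides its `Server` banner or does not answer `OPTIONS` falls outside this check, so it narrows a version-only finding rather than replacing it.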