A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5335
http://www.microsoft.com/technet/support/kb.asp?ID=272079
http://www.atstake.com/research/advisories/2000/a100400-1.txt