VID 22429
Severity 20
Port 80, ...
Protocol TCP
Class WWW
Detailed Description A WebDAV-enabled directory is detected on the target Web server. WebDAV (World Wide Web Distributed Authoring and Versioning) is an industry standard extension to the HTTP specification. WebDAV adds a capability for authorized users to remotely add and manage the content of a web server. Some versions of WebDAV have serious vulnerabilities. If use of WebDAV is not required, disable it from the system.

* Platforms Affected:
Any HTTP server Any version
Any operating system Any version
Recommendation If you require the use of WebDAV, ensure that its security settings have been configured properly or that patches have been applied, in line with security best practices.

-- OR --

If use of WebDAV is not required or if it was enabled under suspicious circumstances, disable it from the system.

To disable WebDAV for IIS 5.0, refer to the Microsoft Knowledge Base Article 241520 at http://support.microsoft.com/default.aspx?scid=kb;[LN];241520

For Apache, to completely disable WebDAV, find the following entries in httpd.conf:

<IfDefine DAV>
DAV On
</IfDefine>

and change "On" to "Off".

By default, "/usr/local/httpd/htdocs" is the only directory with the IfDefine DAV directive. Other directories with this directive will also need to be changed.

Stop and restart Apache.
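
To find the other directories mentioned above, the following script lists every section of an Apache configuration in which a DAV directive is not set to Off. It is an added example, not part of the original advisory or of the scanner's check; the sample configuration, the paths /srv/www/uploads and /shared, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where WebDAV is still enabled in an Apache config.
# mod_dav's DAV directive accepts On, Off or a provider name, so any value
# other than Off is reported as enabled.

# Prints "line<TAB>enclosing sections<TAB>directive" for each enabled DAV line.
dav_enabled_contexts() {
    awk '
        /^[ \t]*#/   { next }                          # comment line
        /^[ \t]*<\// { if (depth > 0) depth--; next }  # closing tag: leave section
        /^[ \t]*</   {                                 # opening tag: enter section
            name = $0
            sub(/^[ \t]*</, "", name); sub(/>[ \t]*$/, "", name)
            stack[++depth] = name
            next
        }
        tolower($1) == "dav" && tolower($2) != "off" {
            ctx = (depth > 0) ? stack[1] : "(server config)"
            for (i = 2; i <= depth; i++) ctx = ctx " > " stack[i]
            printf "%d\t%s\t%s %s\n", NR, ctx, $1, $2
        }
    ' "$1"
}

# Constructed sample config (assumption): the default htdocs entry from the
# text plus two hypothetical sections, one disabled and one still enabled.
write_sample_conf() {
    cat > "$1" <<'EOF'
<Directory "/usr/local/httpd/htdocs">
<IfDefine DAV>
DAV On
</IfDefine>
</Directory>
<Directory "/srv/www/uploads">
# DAV On
Dav Off
</Directory>
<Location /shared>
dav on
</Location>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
dav_enabled_contexts "$conf"
rm -f "$conf"
```

An empty result after editing httpd.conf means no DAV directive in that file remains enabled; files pulled in through Include directives have to be checked separately.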