Apache WebDAV Module PROPFIND Arbitrary Directory Listing

This script is Copyright (C) 2000-2011 Tenable Network Security, Inc.


Synopsis :

The remote server is vulnerable to an information disclosure attack.

Description :

The WebDAV module can be used to obtain a listing of the remote web
server directories even if they have a default page such as
index.html.

This allows an attacker to gain valuable information about the
directory structure of the remote host and could reveal the presence
of files which are not intended to be visible.

Solution :

Disable the WebDAV module, or restrict its access to authenticated and
trusted clients.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)

Family: Web Servers

Nessus Plugin ID: 10505 ()

Bugtraq ID: 1656

CVE ID: CVE-2000-0869

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial