Microsoft IIS WebDAV SEARCH Method Arbitrary Directory Forced Listing
Medium Nessus Plugin ID 10526
SynopsisThe remote service is vulnerable to inforamtion disclosure.
DescriptionIt is possible to retrieve the listing of the remote directories accessible via HTTP, rather than their index.html, using the Index Server service which provides WebDav capabilities to this server.
This problem allows an attacker to gain more knowledge about the remote host, and may make him aware of hidden HTML files.
SolutionDisable the Index Server service.