Info Web Application Scanning Plugin ID 98087
Description
Web Distributed Authoring and Versioning (WebDAV) is a facility that enables
basic file management (reading and writing) on a web server. It essentially allows
the web server to be mounted by the client as a traditional file system, giving
users a simple means to access it as they would any other medium or
If discovered, attackers will attempt to harvest information from the
WebDAV-enabled directories, or even upload malicious files that could then be used to
compromise the server.
The scanner discovered that the affected page allows WebDAV access. This was detected
because the server allowed several methods that are specific to WebDAV (`PROPFIND`,
`PROPPATCH`, etc.). However, further testing should be conducted on the WebDAV
component specifically, as the scanner does support this feature.
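To confirm a finding like this on your own server, the method-based detection described above can be reproduced from a captured `OPTIONS` response. The following Python is an added example, not the scanner's code; the function name, the RFC 4918 method list used as the indicator set, and both sample responses are assumptions constructed here.

```python
from email import message_from_string

# Methods defined by RFC 4918 (WebDAV); any of them in Allow indicates WebDAV.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Methods that create, change or remove server content (WebDAV-specific or not).
WRITE_METHODS = {"PUT", "DELETE", "PROPPATCH", "MKCOL", "COPY", "MOVE"}

# Constructed sample responses, not captured from a real host.
SAMPLE_DAV = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, PROPFIND, PROPPATCH\r\n"
    "Allow: MKCOL, COPY, MOVE, LOCK, UNLOCK\r\n"
    "DAV: 1, 2\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PLAIN = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST\r\n"
    "Content-Length: 0\r\n\r\n"
)


def webdav_indicators(raw_response: str) -> dict:
    """Summarise WebDAV exposure from the headers of one OPTIONS response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    headers = message_from_string(header_block)

    allowed = set()
    # Allow may be repeated; Public is a legacy header some servers still send.
    for name in ("Allow", "Public"):
        for value in headers.get_all(name, []):
            allowed.update(m.strip().upper() for m in value.split(",") if m.strip())

    # The DAV header lists the compliance classes the resource claims.
    dav_classes = [c.strip() for v in headers.get_all("DAV", [])
                   for c in v.split(",") if c.strip()]
    dav_methods = sorted(allowed & WEBDAV_METHODS)
    parts = status_line.split(" ", 2)
    return {
        "status": parts[1] if len(parts) > 1 else "",
        "webdav_enabled": bool(dav_methods or dav_classes),
        "webdav_methods": dav_methods,
        "write_methods": sorted(allowed & WRITE_METHODS),
        "dav_classes": dav_classes,
    }
```

A non-empty `write_methods` list on a path that does not need WebDAV is the case the Solution section says to disable.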
Solution
Determine whether running a WebDAV server is actually required. If it is not required, it should be disabled. If it is required to meet the application's functionality, it should be protected by SSL/TLS and a strong authentication mechanism.