WebDAV

Info Web Application Scanning Plugin ID 98087

Synopsis

WebDAV

Description

Web Distributed Authoring and Versioning (WebDAV) is a facility that enables
basic file management (reading and writing) on a web server. It essentially allows
the web server to be mounted by the client as a traditional file system, giving
users a simple means to access it as they would any other medium or
network share.

If discovered, attackers will attempt to harvest information from the
WebDAV-enabled directories, or even upload malicious files that could then be used to
compromise the server.

The scanner discovered that the affected page allows WebDAV access. This was discovered
because the server allowed several methods that are specific to WebDAV (`PROPFIND`,
`PROPPATCH`, etc.). However, further testing should be conducted on the WebDAV
component specifically as the scanner does support this feature.
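
The check described above can be reproduced when reviewing a captured `OPTIONS` response from your own server. The following is an added example, not the scanner's own logic: the method sets follow RFC 4918, the `DAV` and `Public` headers are treated as additional indicators by assumption, and both sample responses are constructed.

```python
# Added example: classify WebDAV exposure from a raw HTTP OPTIONS response head.
# Method names are from RFC 4918; the sample responses below are constructed.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
WRITE_METHODS = {"PUT", "DELETE", "PROPPATCH", "MKCOL", "COPY", "MOVE"}

SAMPLE_DAV = ("HTTP/1.1 200 OK\r\nDAV: 1,2\r\n"
              "Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, PROPFIND, PROPPATCH\r\n"
              "Allow: MKCOL, COPY, MOVE, LOCK, UNLOCK\r\nContent-Length: 0\r\n\r\n")
SAMPLE_PLAIN = "HTTP/1.1 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST\r\n\r\n"

def parse_headers(raw):
    """Return (status, {lowercased name: [values]}) from a raw response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def tokens(headers, name):
    """Split a comma-separated, possibly repeated header into uppercase tokens."""
    return {t.strip().upper()
            for value in headers.get(name, [])
            for t in value.split(",") if t.strip()}

def assess_webdav(raw):
    """Report which WebDAV-specific and write-capable methods the server advertises."""
    status, headers = parse_headers(raw)
    allowed = tokens(headers, "allow") | tokens(headers, "public")
    dav_methods = allowed & WEBDAV_METHODS
    dav_classes = tokens(headers, "dav")  # compliance classes, e.g. "1", "2"
    return {
        "status": status,
        "webdav_enabled": bool(dav_methods or dav_classes),
        "dav_methods": sorted(dav_methods),
        "write_methods": sorted(allowed & WRITE_METHODS),
        "dav_classes": sorted(dav_classes),
    }

if __name__ == "__main__":
    for label, raw in (("dav", SAMPLE_DAV), ("plain", SAMPLE_PLAIN)):
        print(label, assess_webdav(raw))
```

A non-empty `write_methods` list on a path that does not require authentication is the case the Solution section addresses.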

Solution

Consider whether running a WebDAV server is actually required. If it is not required, it should be disabled. If it is required to meet the application functionality, it should be protected by SSL/TLS and by a strong authentication mechanism.

See Also

http://en.wikipedia.org/wiki/WebDAV

Plugin Details

Severity: Info

ID: 98087

Type: remote

Family: Web Servers

Published: 2017/03/31

Modified: 2017/10/16

Risk Information

Risk Factor: Informational