WebDAV

Web App Scanning Plugin ID 98087

Synopsis

WebDAV

Description

Web Distributed Authoring and Versioning (WebDAV) is a set of HTTP extensions (RFC 4918) that enables basic file management (reading and writing) on a web server. It effectively allows a client to mount the web server as a traditional file system, giving users a simple way to access it as they would any other local medium or network share.

If WebDAV is exposed, attackers will attempt to harvest information from the WebDAV-enabled directories (for example by listing them with `PROPFIND`), or even upload malicious files (for example with `PUT`) that could then be used to compromise the server.

The scanner discovered that the affected page allows WebDAV access: the server advertised or accepted several methods that are specific to WebDAV (`PROPFIND`, `PROPPATCH`, etc.). This plugin only detects that WebDAV is enabled; the WebDAV component itself (which directories are exposed, and whether an unauthenticated client can list or write to them) should be tested further.
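The check described above, as an added example (not the plugin's own code): inspect the `Allow` and `DAV` headers of an OPTIONS response for RFC 4918 methods, and, if WebDAV is advertised, parse the 207 Multi-Status body of an unauthenticated `PROPFIND` with `Depth: 1` to see what the directory exposes. The sample headers, the sample Multi-Status body and the `/dav/` path are constructed for illustration; `probe()` is the only function that touches the network.

```python
"""Added example: WebDAV detection and directory enumeration (not Tenable's plugin code).
Sample inputs below are constructed; the target URL passed to probe() is an assumption."""
import http.client
import urllib.parse
import xml.etree.ElementTree as ET

# Methods defined by RFC 4918 that a plain HTTP/1.1 server would not advertise.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Methods that let a client change server content; worth flagging separately.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH", "LOCK", "UNLOCK"}
DAV_NS = "{DAV:}"


def assess_options(headers):
    """Classify WebDAV exposure from the headers of an OPTIONS response.

    `headers` is a mapping of header name -> value (any letter case)."""
    h = {k.lower(): v for k, v in headers.items()}
    allow = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    dav_classes = [c.strip() for c in h.get("dav", "").split(",") if c.strip()]
    return {
        "webdav": bool(dav_classes) or bool(allow & WEBDAV_METHODS),
        "dav_classes": dav_classes,
        "dav_methods": sorted(allow & WEBDAV_METHODS),
        "write_methods": sorted(allow & WRITE_METHODS),
    }


def parse_multistatus(body):
    """Return (href, is_collection) for every <D:response> in a 207 Multi-Status body."""
    root = ET.fromstring(body)
    entries = []
    for resp in root.iter(DAV_NS + "response"):
        href = resp.findtext(DAV_NS + "href", default="")
        is_collection = resp.find(".//" + DAV_NS + "resourcetype/" + DAV_NS + "collection") is not None
        entries.append((href, is_collection))
    return entries


def probe(url, timeout=10):
    """Live check: OPTIONS first, then an unauthenticated PROPFIND Depth: 1 if WebDAV is advertised."""
    u = urllib.parse.urlsplit(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    path = u.path or "/"
    conn.request("OPTIONS", path)
    r = conn.getresponse()
    r.read()
    result = assess_options(dict(r.getheaders()))
    result["options_status"] = r.status
    if result["webdav"]:
        body = ('<?xml version="1.0"?><D:propfind xmlns:D="DAV:">'
                '<D:prop><D:resourcetype/></D:prop></D:propfind>')
        conn.request("PROPFIND", path, body=body,
                     headers={"Depth": "1", "Content-Type": "application/xml"})
        r = conn.getresponse()
        data = r.read()
        result["propfind_status"] = r.status
        # 207 without credentials means anyone can enumerate the collection.
        result["entries"] = parse_multistatus(data) if r.status == 207 else []
    conn.close()
    return result


# Constructed sample of what a WebDAV-enabled Apache/IIS host might return to OPTIONS.
SAMPLE_OPTIONS_HEADERS = {
    "Allow": "OPTIONS, GET, HEAD, POST, DELETE, TRACE, PROPFIND, PROPPATCH, "
             "COPY, MOVE, LOCK, UNLOCK, PUT",
    "DAV": "1, 2",
}

# Constructed sample 207 Multi-Status body for PROPFIND Depth: 1 on /dav/.
SAMPLE_MULTISTATUS = b"""<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:response><D:href>/dav/</D:href>
    <D:propstat><D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
  <D:response><D:href>/dav/backup.zip</D:href>
    <D:propstat><D:prop><D:resourcetype/></D:prop>
      <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
</D:multistatus>"""

if __name__ == "__main__":
    print(assess_options(SAMPLE_OPTIONS_HEADERS))
    print(parse_multistatus(SAMPLE_MULTISTATUS))
```

Against a live target, `probe("http://host/dav/")` reproduces the plugin's finding (WebDAV methods in `Allow`) and goes one step further: a 207 response to the unauthenticated `PROPFIND` is the directory listing an attacker would harvest, and `PUT` or `MKCOL` in `write_methods` is the signal to test whether uploads are possible.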

Solution

Determine whether a WebDAV server is actually required. If it is not, disable it (on Apache httpd, for example, do not load mod_dav or set `Dav Off`; on IIS, remove the WebDAV Publishing feature). If it is required for the application to function, serve it only over SSL/TLS and require a strong authentication mechanism for every WebDAV method, including read-only ones such as `PROPFIND`; in addition, confine WebDAV to the specific directories that need it rather than the whole site, and limit the write methods (`PUT`, `DELETE`, `MKCOL`, `COPY`, `MOVE`, `PROPPATCH`) to the users who need them.
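The two configurations side by side, as an added example for Apache httpd with mod_dav (this is not configuration from this Tenable page; the `/dav` mount point, the lock database path, the realm name and the digest file path are assumptions):

```apache
# Added example (not from this Tenable page). /dav, the DavLockDB path,
# the realm name and the AuthUserFile path are assumptions for illustration.

# Weak: WebDAV enabled on a directory with no transport or access control.
# Anyone can PROPFIND the tree over plain HTTP and PUT files into it.
<Location /dav>
    Dav On
</Location>

# Hardened: same mount point, but only over TLS and only for authenticated users.
# mod_dav, mod_dav_fs, mod_ssl and mod_auth_digest must be loaded.
# Assumed path; the directory must be writable by the httpd user.
DavLockDB /var/lib/apache2/dav/DavLock
<Location /dav>
    Dav On
    # Refuse any request that did not arrive over TLS.
    SSLRequireSSL
    # Digest authentication; the user file is created with htdigest (assumed path).
    AuthType Digest
    AuthName "WebDAV"
    AuthDigestProvider file
    AuthUserFile /etc/apache2/dav.digest
    # A login is required for every method, including PROPFIND listings,
    # so the directory cannot be enumerated anonymously.
    Require valid-user
</Location>
```

After reloading, an unauthenticated `OPTIONS`/`PROPFIND` over plain HTTP should be refused (403 from `SSLRequireSSL`) and the same request over HTTPS should return 401 rather than 207. Finer-grained control, such as allowing authenticated reads but restricting writes to a smaller group, can be layered on with a `<LimitExcept>` section inside the same `<Location>`.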

See Also

http://en.wikipedia.org/wiki/WebDAV

https://www.ietf.org/rfc/rfc4918.txt

Plugin Details

Severity: Info

ID: 98087

Type: remote

Family: Web Servers

Published: 3/31/2017

Updated: 6/28/2022

Scan Template: api, basic, full, pci, scan