
[Vulnerability notice] WebDAV directory with write permissions

Last Updated: Nov 23, 2017

Description

Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that allows clients to perform remote Web content authoring operations.

By default, WebDAV enables the write permission for target directories.

  • Attackers may use the HTTP PUT method to write arbitrary files to the directory, or to overwrite existing files in that directory with content of their choosing.

  • Attackers may upload webshell programs to the server to gain full control over it. They may also overwrite any file on the server to cause data loss or system damage.
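
One way to look for the PUT writes described above in web server logs, as an added example that is not part of the original notice: it scans an IIS W3C extended log for write-method requests that the server accepted. The log lines are constructed, and the method and extension lists are assumptions to adjust for the site.

```python
# Added example: flag accepted WebDAV write requests in an IIS W3C extended log.
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
# Assumption: server-side script extensions; adjust to the handlers enabled on the server.
SCRIPT_EXTS = (".asp", ".aspx", ".asa", ".cer", ".php", ".jsp")

# Constructed sample log (not real traffic); column order is read from the #Fields line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2017-11-20 08:01:12 192.0.2.10 GET /index.htm 200
2017-11-20 08:02:40 198.51.100.7 OPTIONS /uploads/ 200
2017-11-20 08:02:41 198.51.100.7 PUT /uploads/test.txt 201
2017-11-20 08:02:45 198.51.100.7 PUT /uploads/page.asp 201
2017-11-20 08:03:02 203.0.113.5 PUT /private/a.txt 403
2017-11-20 08:04:10 198.51.100.7 DELETE /uploads/test.txt 204
"""

def find_webdav_writes(log_text):
    """Return one finding per write-method request that the server accepted (2xx)."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        if method not in WRITE_METHODS:
            continue
        if not (status.isdigit() and status.startswith("2")):
            continue  # rejected writes (for example 403) are not findings
        stem = row.get("cs-uri-stem", "")
        findings.append({
            "time": f"{row.get('date', '')} {row.get('time', '')}".strip(),
            "client": row.get("c-ip", ""),
            "method": method,
            "path": stem,
            "status": int(status),
            # A script written into a web directory matches the webshell case above.
            "script": method == "PUT" and stem.lower().endswith(SCRIPT_EXTS),
        })
    return findings

if __name__ == "__main__":
    for f in find_webdav_writes(SAMPLE_LOG):
        tag = "SCRIPT UPLOAD" if f["script"] else "write"
        print(f["time"], f["client"], f["method"], f["path"], f["status"], f"[{tag}]")
```

Any finding means the directory accepted a write over HTTP; entries marked as script uploads should be reviewed first, since the written file may still be on disk after WebDAV is disabled.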

Fix

Disable WebDAV.

Disable WebDAV in IIS6

  1. Open Install and uninstall Windows components in Windows 2003 and locate the application server.

  2. Select the IIS component option and clear the WebDAV option.

  3. Restart IIS.
