WebDAV Detection

OWASP 2013-A5 OWASP 2017-A6 OWASP PC-C6 CWE-16 ISO27001-A.9.4.4 WASC-15

WebDAV is an extension to the HTTP protocol that allows authorized remote users to add or remove content on the web server. This web application improperly handles objects in memory, which might allow an attacker to run arbitrary code on the end user’s system. An attacker who successfully exploits this vulnerability could gain the same user rights as the current user.

Impact

The attacker will gain full access to add and change content in the web application.

Mitigation / Precaution

The solutions for this vulnerability include:

  • If you are not using WebDAV, disable it.
  • Use a vulnerability management tool such as AVDS, which detects WebDAV in your web application.
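
As an added example (not part of the original page and not AVDS's own logic), the Python below shows one way to detect WebDAV from the headers a server returns to an HTTP OPTIONS request, so you can confirm it is disabled on your own server. The function names and both sample responses are constructed for illustration.

```python
# Methods defined by the WebDAV specification (RFC 4918).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Plain HTTP methods that add or remove content on the server.
WRITE_METHODS = {"PUT", "DELETE"}

# Constructed sample responses (not captured from any real server).
SAMPLE_DAV = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE, PROPFIND, PROPPATCH,"
    " MKCOL, COPY, MOVE, LOCK, UNLOCK\r\n"
    "DAV: 1, 2\r\n"
    "MS-Author-Via: DAV\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PLAIN = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_headers(raw):
    """Map lower-cased header names to lists of values; skips the status line."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def split_list(values):
    """Flatten comma-separated header values into clean tokens."""
    return [t.strip() for v in values for t in v.split(",") if t.strip()]

def webdav_indicators(raw_response):
    """Report the WebDAV evidence present in an OPTIONS response."""
    h = parse_headers(raw_response)
    # Some servers list methods in a Public header as well as Allow.
    allowed = {m.upper() for m in split_list(h.get("allow", []) + h.get("public", []))}
    dav_classes = split_list(h.get("dav", []))
    ms_author = any(v.upper() == "DAV" for v in h.get("ms-author-via", []))
    dav_methods = sorted(allowed & WEBDAV_METHODS)
    return {
        "webdav_enabled": bool(dav_classes or dav_methods or ms_author),
        "dav_classes": dav_classes,
        "webdav_methods": dav_methods,
        "write_methods": sorted(allowed & WRITE_METHODS),
    }
```

Pass it the raw response to an OPTIONS request against a server you administer; after WebDAV is disabled, `webdav_enabled` should be `False` and `dav_classes` empty.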
