WebDAV Directory Listing

Description

The WebDAV PROPFIND method retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). If Directory Browsing is enabled, a list of all resources and their properties under this directory is returned in the response. Using this method, it is possible to obtain a recursive directory listing of all the files and folders under this URI. This may help an attacker learn more about the target.
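To see what such a response discloses when auditing your own server, the added example below (not part of the original advisory) parses a 207 Multi-Status body in the RFC 4918 format and lists each resource it reveals. The sample response, its paths and the "sensitive" extension list are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DAV = "{DAV:}"  # XML namespace used by WebDAV (RFC 4918)
# Illustrative assumption: extensions an administrator may not want listed.
SENSITIVE_EXT = (".bak", ".config", ".sql", ".old")

# Constructed sample of a PROPFIND 207 Multi-Status body; paths are made up.
SAMPLE_207 = """<D:multistatus xmlns:D="DAV:">
  <D:response><D:href>/files/</D:href><D:propstat>
    <D:prop><D:resourcetype><D:collection/></D:resourcetype></D:prop>
    <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
  <D:response><D:href>/files/site%20backup.bak</D:href><D:propstat>
    <D:prop><D:resourcetype/><D:getcontentlength>52311</D:getcontentlength></D:prop>
    <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
  <D:response><D:href>/files/readme.txt</D:href><D:propstat>
    <D:prop><D:resourcetype/><D:getcontentlength>120</D:getcontentlength></D:prop>
    <D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
</D:multistatus>"""

def parse_multistatus(body):
    """Return one dict per resource disclosed in a PROPFIND response body."""
    entries = []
    # For bodies from servers you do not control, use a hardened XML parser.
    for resp in ET.fromstring(body).iter(DAV + "response"):
        href = unquote(resp.findtext(DAV + "href", default="").strip())
        is_dir = resp.find(f".//{DAV}resourcetype/{DAV}collection") is not None
        size = resp.findtext(f".//{DAV}getcontentlength")
        entries.append({
            "href": href,
            "collection": is_dir,
            "size": int(size) if size and size.isdigit() else None,
            "sensitive": href.lower().endswith(SENSITIVE_EXT),
        })
    return entries

if __name__ == "__main__":
    for e in parse_multistatus(SAMPLE_207):
        kind = "dir " if e["collection"] else "file"
        flag = "  <-- review exposure" if e["sensitive"] else ""
        print(f"{kind} {e['href']} size={e['size']}{flag}")
```

Every line printed is a path and property that the server hands out to whoever is allowed to send the request, which is the disclosure the Impact section refers to.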


Impact
Possible sensitive information disclosure.

Recommendation
Disable or remove WebDAV if you don't need it on this server. Otherwise, restrict Directory Browsing permissions to select URIs.

References
How to disable WebDAV for IIS 5.0