WebDAV Directory with Write Permissions


WebDAV is enabled on this server and this directory has write permissions enabled. Acunetix WVS was able to create a test file within this directory using the PUT method. The PUT method is a part of the WebDAV standard for remote content editing. A poorly configured Web server can mistakenly provide remote access to the PUT method without requiring any form of login.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Malicious users may create or modify files in this directory without providing any type of authentication.

Restrict access for method PUT or if it's not being used, consider disabling it.

W3C - RFC 2616
How to disable WebDAV for IIS 5.x