Description

WebDAV is enabled on this server and this directory has write permissions enabled. Acunetix was able to create a test file within this directory using the PUT method. The PUT method is a part of the WebDAV standard for remote content editing. A poorly configured Web server can mistakenly provide remote access to the PUT method without requiring any form of login.

Remediation

Restrict access for method PUT or if it's not being used, consider disabling it.

References

W3C - RFC 2616

Microsoft WebDAV Documentation

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2199)

phpBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1627)

Unrestricted access to Apache HugeGraph

WordPress Plugin YITH WooCommerce Advanced Reviews Security Bypass (1.3.9)

WordPress Plugin All-in-One WP Migration Security Bypass (2.0.4)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration Arbitrary File Creation