WebDAV directory listing

Description

The WebDAV PROPFIND Method retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). If Directory Browsing is enabled, a list of all resources and their properties under this directory is returned in the response. Using this method is possible to obtain a recursive directory listing of all the files&folders from this URI. This may help an attacker to learn more about his target.

Remediation

Disable or remove WebDAV if you don't need it on this server. Otherwise, restrict Directory Browsing permissions to select URIs.

References