Description
The WebDAV PROPFIND Method retrieves properties for a resource identified by the request Uniform Resource Identifier (URI). If Directory Browsing is enabled, a list of all resources and their properties under this directory is returned in the response. Using this method is possible to obtain a recursive directory listing of all the files&folders from this URI. This may help an attacker to learn more about his target.
Remediation
Disable or remove WebDAV if you don't need it on this server. Otherwise, restrict Directory Browsing permissions to select URIs.
References
Related Vulnerabilities
Open Silverlight Client Access Policy
Vulnerable project dependencies
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
Axis system configuration listing enabled in WEB-INF/server-config.wsdd
WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)