WebDAV Directory Has Write Permissions
Summary#
Invicti detected that WebDAV is enabled on this server and this directory has write permissions enabled. Invicti was able to create a test file within this directory using the PUT
method. After the test, Invicti tried to delete the file.
Impact#
Malicious users may create or modify files in this directory without providing any type of authentication and they might;
- Gain full access to the application server.
Remediation#
Restrict access for method
PUT
or if it's not being used, consider disabling it.