Rapid7 Vulnerability & Exploit Database

WebDAV PROPFIND Method Allows Web Directory Browsing

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 01/01/2001
Created: 07/25/2018
Added: 07/30/2007
Modified: 06/20/2013

Description

It is possible to use the WebDAV PROPFIND method to browse web directories on the server and discover content that would normally remain hidden. This could potentially allow an attacker to obtain sensitive information, such as data files and backup pages, or give them information about the directory structure that could be useful in mounting a more sophisticated attack later.

Solution(s)

  • disable-propfind-method-iis
  • restrict-propfind-method-apache
  • restrict-propfind-method-sunone
  • restrict-propfind-method-tomcat
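
To check whether PROPFIND is still being answered after one of these restrictions is applied, the web server's access log can be audited for PROPFIND requests that received a 207 Multi-Status response. The following is an added example, not part of the Rapid7 entry; it assumes Apache/NGINX combined log format, and the sample log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: host ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit_propfind(lines):
    """Split PROPFIND requests into answered (207 Multi-Status) and refused.

    Returns (answered, refused): answered maps client -> sorted list of paths
    whose properties the server returned; refused counts, per client, the
    PROPFIND requests that got any other status (for example 403 or 405 once
    the method is restricted).
    """
    answered = defaultdict(set)
    refused = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "PROPFIND":
            continue  # unparseable line or a different HTTP method
        if m["status"] == "207":
            answered[m["client"]].add(m["path"])
        else:
            refused[m["client"]] += 1
    return {c: sorted(p) for c, p in answered.items()}, dict(refused)

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "PROPFIND / HTTP/1.1" 207 1840 "-" "client/1.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:06 +0000] "PROPFIND /backup/ HTTP/1.1" 207 922 "-" "client/1.0"',
    '198.51.100.7 - - [12/Mar/2024:10:01:09 +0000] "PROPFIND / HTTP/1.1" 207 1840 "-" "client/1.0"',
    '203.0.113.5 - - [12/Mar/2024:10:02:11 +0000] "PROPFIND /private/ HTTP/1.1" 405 231 "-" "client/1.0"',
    '203.0.113.5 - - [12/Mar/2024:10:02:12 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "client/1.0"',
]

if __name__ == "__main__":
    answered, refused = audit_propfind(SAMPLE_LOG)
    for client, paths in answered.items():
        print(f"PROPFIND answered (207) for {client}: {', '.join(paths)}")
    for client, count in refused.items():
        print(f"PROPFIND refused for {client}: {count} request(s)")
```

Any entry in the first result after the fix is deployed means the method is still reachable on that path; the combined log format does not record the Depth header, so the log alone cannot show how deep a listing went.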
