WebDAV Directory Has Write Permissions (IIS)

Severity: High
Summary

Invicti detected that WebDAV is enabled on this server and this directory has write permissions enabled. Invicti was able to create a test file within this directory using the PUT method. After the test, Invicti tried to delete the file.

Impact
Malicious users may create or modify files in this directory without providing any type of authentication, and they might:
  • Gain full access to the application server.
Remediation
Restrict access to the PUT method or, if it's not being used, consider disabling it.
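
To check whether the directory has already been written to without authentication, the following added example (not part of the original Invicti page) scans an IIS W3C log for write methods that succeeded with no username. It goes beyond PUT to the other WebDAV write methods; the log lines are constructed, and it assumes the cs-method, cs-uri-stem, cs-username, c-ip and sc-status fields are being logged.

```python
# Added example: flag unauthenticated WebDAV writes in an IIS W3C log.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Constructed sample log (documentation-range IP addresses, made-up paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2024-05-01 10:00:01 GET /uploads/ - 198.51.100.7 200
2024-05-01 10:00:02 PUT /uploads/probe.txt - 198.51.100.7 201
2024-05-01 10:00:03 DELETE /uploads/probe.txt - 198.51.100.7 204
2024-05-01 10:05:00 PUT /uploads/report.docx CORP\\alice 203.0.113.9 201
2024-05-01 10:06:00 PUT /admin/x.aspx - 198.51.100.7 403
"""

def find_anonymous_writes(log_text):
    """Return entries where a write method succeeded (2xx) with no username."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]    # the header can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                     # truncated or malformed entry
        row = dict(zip(fields, values))
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        # IIS logs "-" when the request carried no authenticated user;
        # a log without the field is treated as anonymous as well.
        anonymous = row.get("cs-username", "-") == "-"
        if method in WRITE_METHODS and status.startswith("2") and anonymous:
            hits.append((row.get("date"), row.get("time"), method,
                         row.get("cs-uri-stem"), row.get("c-ip"), status))
    return hits

if __name__ == "__main__":
    for hit in find_anonymous_writes(SAMPLE_LOG):
        print(*hit)
```

An anonymous PUT followed shortly by a DELETE of the same path from the same client matches the scanner's own test described in the Summary; an anonymous PUT with no matching DELETE is the entry to investigate first.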
