CCE-92212-0Platform: Amazon Linux | Date: (C)2018-10-29 (M)2022-10-10 |
Disable WebDAV (Distributed Authoring and Versioning)
WebDAV is an extension of the HTTP protocol that provides distributed and
collaborative access to web content. If its functionality is unnecessary,
comment out the related modules:
#LoadModule dav_module modules/mod_dav.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
If there is a critical need for WebDAV, extra care should be taken in its configuration.
Since DAV access allows remote clients to manipulate server files, any location on the
server that is DAV enabled should be protected by access controls.
Parameter:
Technical Mechanism:
Minimizing the number of loadable modules available to the web server, reduces risk
by limiting the capabilities allowed by the web server.
Fix:
No Remediation Info
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48399 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48905 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:48399 |