Parveez_70209

Aug 09, 2014

Vulnerability: "WebDAV extensions are enabled": Suggestion Needed

Hi Team,

Need a suggestion related to the vulnerability "WebDAV extensions are enabled".

Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP/1.1 protocol specification that allows users to collaboratively edit and manage files on remote web servers. And since it coincides with the HTTP/1.1 standard defined in RFC 2616, WebDAV functionality is supported using a virtual server with an HTTP profile applied, correct?

However, the BIG-IP HTTP profile does not currently support all request methods added in the WebDAV HTTP Extensions specification (RFC 2518).

Supported WebDAV methods:

  • DELETE
  • LOCK
  • UNLOCK
  • PROPFIND

Unsupported WebDAV methods:

  • PROPPATCH
  • MKCOL
  • COPY
  • MOVE

So, can this be mitigated with the below:

    when CLIENT_ACCEPTED {
        # Enable HTTP processing for all requests by default
        HTTP::enable
    }

    when HTTP_REQUEST {
        # Selectively disable HTTP processing for specific request methods
        switch [HTTP::method] {
            "MOVE" -
            "COPY" -
            "LOCK" -
            "UNLOCK" -
            "PROPFIND" -
            "PROPPATCH" -
            "MKCOL" {
                HTTP::disable
            }
        }
    }

Thanks and Regards,
PZ

3 Replies

  • Do you happen to have ASM also licensed on your LTM? If so you can disable and enable the HTTP methods from there without usage of iRules.

  • Hi again - the above will ensure that WebDAV functionality works, however if what you are trying to do is to remove the vulnerability and disable WebDAV, then you will want to block any WebDAV requests:

    when HTTP_REQUEST {
        switch [HTTP::method] {
            "GET" -
            "POST" -
            "HEAD" {
                # Allowed methods - do nothing
            }
            default {
                HTTP::respond 405 content "Method not allowed"
                return
            }
        }
    }
    

    This will mean that when you re-run your scan you will not get pinged on WebDAV (but obviously this depends on your business requirement).
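As an added example that is not part of the thread or of F5's own documentation, an iRule that extends the allowlist in the reply above: it answers OPTIONS at the BIG-IP, adds the Allow header that RFC 7231 requires on a 405, logs each blocked method, and strips the headers with which a WebDAV-enabled backend advertises itself on its responses (scanners commonly flag WebDAV from those). The log facility, the allowed method set and the header names removed are assumptions to adjust for your application.

```tcl
# Added example (not from the thread): allowlist HTTP methods at the virtual server
# and hide WebDAV support from the backend. Adjust the allowed set for your application.
when HTTP_REQUEST {
    # Assumed allowed set; anything else (PROPFIND, MKCOL, COPY, MOVE, LOCK, ...) is refused
    set allowed "GET, HEAD, POST, OPTIONS"
    switch -- [HTTP::method] {
        "GET" -
        "HEAD" -
        "POST" {
            # Allowed methods: pass the request to the pool unchanged
        }
        "OPTIONS" {
            # Answer OPTIONS here so the backend cannot advertise WebDAV methods
            HTTP::respond 204 noserver "Allow" $allowed "Connection" "close"
            return
        }
        default {
            # RFC 7231 section 6.5.5: a 405 response must carry an Allow header
            log local0.info "Blocked method [HTTP::method] from [IP::client_addr] for [HTTP::host][HTTP::uri]"
            HTTP::respond 405 content "Method not allowed" noserver \
                "Allow" $allowed "Content-Type" "text/plain" "Connection" "close"
            return
        }
    }
}

when HTTP_RESPONSE {
    # Strip headers with which a WebDAV-enabled backend advertises itself
    # (assumed set: DAV per RFC 4918, MS-Author-Via as sent by IIS)
    HTTP::header remove "DAV"
    HTTP::header remove "MS-Author-Via"
}
```

Responses generated by HTTP::respond in HTTP_REQUEST never reach the pool, so the HTTP_RESPONSE event only runs for traffic the backend actually answered.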