For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Parveez_70209's avatar
Parveez_70209
Icon for Nimbostratus rankNimbostratus
Aug 09, 2014

Vulnerability : "WebDAV extensions are enabled"" : Suggestion Needed

Hi Team,   Need suggestion related to Vulnerability : "WebDAV extensions are enabled".   As Web-based Distributed Authoring and Version (WebDAV) is a set of extensions to the HTTP/1.1 protocol ...
IheartF5_45022's avatar
IheartF5_45022
Icon for Nacreous rankNacreous
Aug 12, 2014

Hi again - the above will ensure that WebDav functionality works, however if what you are trying to do is to remove the vulnerability and disable WebDav, then you will want to block any WebDav requests;-

when HTTP_REQUEST {
    switch [HTTP::method] {
        "GET" -
        "POST" -
        "HEAD" {
             Allowed methods - do nothing
        }
        default {
            HTTP::respond 405 content "Method not allowed"
            return
        }
    }
}

This will mean that wehn you re-run your scan you will not get pinged on WebDav (but obviously this depends on your business requirement).