We set up a Web server with SSL on, using port 443, and turned on WebDAV to enable remote maintenance. No realms are yet defined, so no one should be able to use WebDAV access as far as we know, but our organization's automated security scanner has been able to successfully PUT and delete files in areas that it should not have access to.
Is there a security hole in Apache2 somewhere? How can we restrict access to WebDAV and the PUT and delete methods? I don't understand how this can happen just by turning WebDAV on.
Mac OS X (10.5.4), Leopard server, all security updates applied