We set up a Web server with SSL on, using port 443, and turned on WebDAV to enable remote maintenance. No realms are yet defined, so no one should be able to use WebDAV access as far as we know, but our organization's automated security scanner has been able to successfully PUT and delete files in areas that it should not have access to.
Is there a security hole in Apache2 somewhere? How can we restrict access to WebDAV and the PUT and delete methods? I don't understand how this can happen just by turning WebDAV on.
Mac OS X (10.5.4), Leopard server, all security updates applied
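
The situation described in the post, shown as an added configuration example that is not part of the original post or of the poster's actual server configuration: WebDAV switched on with no authentication, next to a form that requires a login for write methods. The directory paths, realm name and password file are placeholders, and it assumes hand-edited httpd configuration with mod_dav, mod_dav_fs and Basic authentication over the SSL site.

```apache
# Constructed example; every path and name below is a placeholder.

# --- Weak: matches the symptom in the post --------------------------------
# "Dav On" with no AuthType/Require. mod_dav does no authentication of its
# own, so any client that can reach port 443 may PUT, DELETE, MKCOL, etc.
# wherever the httpd user has filesystem write permission.
#
# <Directory "/path/to/docroot">
#     Dav On
# </Directory>

# --- Hardened ---------------------------------------------------------------
# Lock database required by mod_dav_fs; keep it outside the document root.
DavLockDB "/path/to/var/DavLock"

# Keep WebDAV off for the site as a whole.
<Directory "/path/to/docroot">
    Dav Off
</Directory>

# Enable WebDAV only on the one subtree that needs remote maintenance.
<Directory "/path/to/docroot/dav">
    Dav On

    # Basic auth is acceptable here only because the site is SSL-only.
    AuthType Basic
    AuthName "webdav-example"
    # Password file stored outside the document root (created with htpasswd).
    AuthUserFile "/path/to/private/dav.htpasswd"

    # Read-only methods stay open; every other method (PUT, DELETE, MKCOL,
    # COPY, MOVE, PROPPATCH, LOCK, UNLOCK, ...) requires a valid login.
    <LimitExcept GET HEAD OPTIONS>
        Require valid-user
    </LimitExcept>
</Directory>
```

After reloading the configuration, re-running the scanner against both directories confirms whether unauthenticated PUT and DELETE requests are now refused.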