SuSE Apache WebDAV Directory Listings Vulnerability

Solution:
Add the following entries in httpd.conf for each directory you want open to WebDAV:

<Directory /webdav/directory/goes/here>
#add other directives as needed such as Order allow,deny
<IfDefine DAV>
DAV On
</IfDefine>
</Directory>

Stop and restart Apache.

To completely disable WebDAV, find the following entries in httpd.conf:

<IfDefine DAV>
DAV On
</IfDefine>

and change "On" to "Off".

By default there only "/usr/local/httpd/htdocs" is the only directory with the
IfDefine DAV directive. Other directories with this directive will also need to be changed.

Stop and restart Apache.

To start Apache without the WebDAV module, edit
/etc/rc.d/rc3.d/S20apache and comment out ("#") the following line:

test -e /usr/lib/apache/libdav.so && MODULES="-D DAV $MODULES"

The next time Apache is started, this module will not be included.


S.u.S.E. Linux 6.0

S.u.S.E. Linux 6.1

S.u.S.E. Linux 6.2

S.u.S.E. Linux 6.3

S.u.S.E. Linux 6.4

S.u.S.E. Linux 7.0


 

Privacy Statement
Copyright 2010, SecurityFocus