SuSE Apache WebDAV Directory Listings Vulnerability

Add the following entries in httpd.conf for each directory you want open to WebDAV:

<Directory /webdav/directory/goes/here>
#add other directives as needed such as Order allow,deny
<IfDefine DAV>

Stop and restart Apache.

To completely disable WebDAV, find the following entries in httpd.conf:

<IfDefine DAV>

and change "On" to "Off".

By default there only "/usr/local/httpd/htdocs" is the only directory with the
IfDefine DAV directive. Other directories with this directive will also need to be changed.

Stop and restart Apache.

To start Apache without the WebDAV module, edit
/etc/rc.d/rc3.d/S20apache and comment out ("#") the following line:

test -e /usr/lib/apache/ && MODULES="-D DAV $MODULES"

The next time Apache is started, this module will not be included.

SuSE Linux 6.0

SuSE Linux 6.1

SuSE Linux 6.2

SuSE Linux 6.3

SuSE Linux 6.4

SuSE Linux 7.0


Privacy Statement
Copyright 2010, SecurityFocus