Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
Detail

Code Execution via WebDAV

Severity: Critical

Summary

Netsparker identified that code execution via WebDAV. Netsparker successfully uploaded a file via PUT method and then renamed this file via MOVE method. When requesting the file, code is executed in the context of the web server. At the end of the attack, Netsparker tried to delete the file.

Impact
An attacker can execute malicious code by abusing the Code Execution via WebDAV vulnerability on the server.
Remediation
Remove write permissions from this directory or disable WebDAV if it's not being used.
Required Skills for Successful Exploitation
This vulnerability is not difficult to leverage. Successful exploitation requires knowledge of the programming language, access to or the ability to produce source code for use in such attacks, and minimal attack skills.
Classifications
PCI v3.1-6.5.8, PCI v3.2-6.5.8, CAPEC-17, CWE-94, HIPAA-94, ISO27001-A.14.2.5, WASC-17, OWASP 2017-A6 , CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Netsparker Security Insights
Helpful Use Cases
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

Tags

code 

Related Vulnerabilities

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd

  • 220 Industrial Blvd Ste 102
    Austin, TX 78745
Copyright © 2020 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap