![]() "Due to the high number of exploits that require a distribution method such as WebDAV to work, the eEye Reseach Team recommends that measures are put in place to disable WebDAV." it can also be used for activities such as content publishing, where an organization's marketing department, for example, is empowered to make website updates themselves."īut eEye argues that WebDAV has become too useful to hackers. ![]() "WebDAV can be used internally at an organization for document management, editing, etc. The report explains WebDAV as the HTTP-based protocol predominantly used for collaboration. Combined, these two mitigators would have prevented approximately 12% of all vulnerabilities patched by Microsoft in 2010 from easy exploitation." "The two mitigations are the blocking of WebDAV connections and the disabling of Office file converters. "A significant number of Microsoft software vulnerabilities fixed in 2010 could have been proactively mitigated by applying two simple configuration changes," states the report. The report argues that software configuration management is a critical but often overlooked security defense against hackers trying to exploit software vulnerabilities. Maiffret says he hopes the report will spur constructive debate about not only WebDAV, but the possibilities of using software configuration and filtering as a security defense.
0 Comments
Leave a Reply. |