locked
List of Verbs required for Sharepoint 2007 SP1 RRS feed

  • Question

  • Hi All,

    Recently we had the security testing done for one of our MOSS application. One medium prioirity risk was raised during the test. Following are the details regarding the same :

    Insecure http methods are enabled on the server :

    It seems that the web server is configured to allow one (or more) of the following HTTP methods

    (verbs):

    - DELETE

    - SEARCH

    - COPY

    - MOVE

    - PROPFIND

    - PROPPATCH

    - MKCOL

    - LOCK

    - UNLOCK

    - PUT

    These methods may indicate that WebDAV is enabled on the server, and may allow unauthorized

    users to exploit it.

    Please let me know if there is any way of disabling these methods.

    Also if someone can share the best practice for hardening a sharepoint instance.

    Regards,

    Jasjeet Singh

    Thursday, March 8, 2012 5:51 PM

Answers