Hi All,
Recently we had security testing done for one of our MOSS applications. One medium priority risk was raised during the test. Following are the details regarding the same:
Insecure HTTP methods are enabled on the server:
It seems that the web server is configured to allow one (or more) of the following HTTP methods (verbs):
- DELETE
- SEARCH
- COPY
- MOVE
- PROPFIND
- PROPPATCH
- MKCOL
- LOCK
- UNLOCK
- PUT
These methods may indicate that WebDAV is enabled on the server, and may allow unauthorized users to exploit it.
Please let me know if there is any way of disabling these methods.
Also, could someone share the best practice for hardening a SharePoint instance?
Regards,
Jasjeet Singh
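
A way to re-check the finding above after any configuration change, by parsing a captured OPTIONS response from your own server and listing which of the reported verbs it still advertises. This is an added example, not part of the original post; the function name and both sample responses are constructed for illustration.

```python
from email.parser import Parser

# The verbs listed in the finding above.
FLAGGED = {"DELETE", "SEARCH", "COPY", "MOVE", "PROPFIND", "PROPPATCH",
           "MKCOL", "LOCK", "UNLOCK", "PUT"}


def check_options_response(raw_response: str) -> dict:
    """Report which flagged verbs a raw OPTIONS response advertises."""
    # Keep only the status line and header block, normalising line endings.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)

    # Header names are matched case-insensitively. IIS sends "Public"
    # alongside "Allow", so both are read and merged.
    methods = set()
    for name in ("Allow", "Public"):
        for value in headers.get_all(name, []):
            methods.update(v.strip().upper() for v in value.split(",") if v.strip())

    parts = status_line.split()
    flagged = sorted(methods & FLAGGED)
    dav = headers.get("DAV") is not None  # WebDAV compliance header (RFC 4918)
    return {
        "status": parts[1] if len(parts) > 1 else None,
        "flagged": flagged,
        "dav_header": dav,
        "finding_open": bool(flagged) or dav,
    }


# Constructed sample: a response that matches the finding.
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, COPY, MOVE, PROPFIND, "
    "PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "DAV: 1,2\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Constructed sample: a response after the verbs are no longer advertised.
SAMPLE_AFTER = "HTTP/1.1 200 OK\r\nallow: OPTIONS, GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    print(check_options_response(SAMPLE_BEFORE))
    print(check_options_response(SAMPLE_AFTER))
```

The Allow header only shows what the server advertises; whether a verb is actually accepted or rejected for a given URL still has to be confirmed against the server's handling of that request.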