Details
WebDAV is an extension to the HTTP protocol which allows clients to create, move, and delete files and resources on the web server. This functionality is available in IIS when the WebDAV feature is enabled.
Rationale:
WebDAV is not widely used, and it has serious security concerns because it may allow clients to modify unauthorized files on the web server. Therefore, the WebDav feature should be disabled.
Solution
To disable this feature using PowerShell, enter the following command:
Remove-WindowsFeature Web-DAV-Publishing
Verify that Success is True
Default Value:
The default state of WebDAV Publishing is disabled
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Windows.