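2.7.3.1. Introduction
WebDAV (Web-based Distributed Authoring and Versioning) is a communication protocol based on HTTP 1.1. It extends HTTP 1.1 by adding new methods beyond the standard HTTP methods such as GET, POST and HEAD, allowing applications to read from and write to the web server directly, and it supports file locking and unlocking for writes as well as version control.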
The supported methods are:
- OPTIONS
  - Query what the server supports
- GET / PUT / POST / DELETE
  - Resource operations
- TRACE
  - Trace the server
- HEAD
- MKCOL
  - Create a collection
- PROPFIND / PROPPATCH
- COPY / MOVE
- LOCK / UNLOCK
2.7.3.2. Related CVEs
- CVE-2015-1833
  - Apache Jackrabbit WebDAV XXE
  - http://www.securityfocus.com/archive/1/535582
- CVE-2015-7326
  - Milton WebDAV XXE
  - http://www.securityfocus.com/archive/1/536813
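WebDAV methods such as PROPFIND carry XML request bodies (RFC 4918), so a server whose XML parser processes DTDs is exposed to XXE of the kind listed above. The following Python code is an added example, not code from Jackrabbit, Milton or the original page: it parses a PROPFIND body with expat and refuses any DOCTYPE; `parse_propfind`, `UnsafeXML` and both sample bodies are names and data constructed for illustration.

```python
import xml.parsers.expat

class UnsafeXML(ValueError):
    """The request body carries a DTD and is refused."""

def parse_propfind(body: bytes) -> list:
    """Return (namespace, local-name) pairs requested inside <D:prop>."""
    props, stack = [], []
    # namespace_separator makes expat report names as "<uri> <local>"
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any <!ENTITY> in the DTD is read, so no entity
        # (internal or external) is ever defined or resolved.
        raise UnsafeXML("DOCTYPE not allowed in WebDAV request body")

    def on_start(name, attrs):
        # Direct children of <D:prop> are the requested properties.
        if stack and stack[-1] == "DAV: prop":
            uri, _, local = name.rpartition(" ")
            props.append((uri, local))
        stack.append(name)

    def on_end(name):
        stack.pop()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.Parse(body, True)  # malformed XML raises expat.ExpatError
    return props

# Constructed sample bodies (not captured traffic).
SAFE_BODY = b"""<?xml version="1.0" encoding="utf-8"?>
<D:propfind xmlns:D="DAV:">
  <D:prop><D:displayname/><D:getcontentlength/></D:prop>
</D:propfind>"""

DTD_BODY = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE propfind [<!ENTITY x SYSTEM "file:///constructed/placeholder">]>
<D:propfind xmlns:D="DAV:">
  <D:prop><D:displayname>&x;</D:displayname></D:prop>
</D:propfind>"""

if __name__ == "__main__":
    print(parse_propfind(SAFE_BODY))
    try:
        parse_propfind(DTD_BODY)
    except UnsafeXML as exc:
        print("rejected:", exc)
```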
2.7.3.3. Reference Links
2.7.3.3.1. RFC
- RFC 3253 Versioning Extensions to WebDAV (Web Distributed Authoring and Versioning)
- RFC 3648 Web Distributed Authoring and Versioning (WebDAV) Ordered Collections Protocol
- RFC 3744 Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol
- RFC 4437 Web Distributed Authoring and Versioning (WebDAV) Redirect Reference Resources
- RFC 4918 HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)
- RFC 5323 Web Distributed Authoring and Versioning (WebDAV) SEARCH
- RFC 5842 Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)