SAP Knowledge Base Article - Public

1620815 - How to disable Tomcat WEBDAV?

Symptom

  • URL scanning tools such as AppScan sometimes report a Medium vulnerability on the Tomcat application server's WEBDAV servlet.
  • Suggested Remediation Tasks: Disable WebDAV, or disallow unneeded HTTP methods
  • Suggested Reasoning: The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server.

 

Environment

Windows 2008 platform
XI3.1 SP3 FP3.4
IBM Rational AppScan 8.0.0.2
BurpSuite Pro v1.3.09
IE 8.0.6001.18702CO

Resolution

  • The Tomcat WEBDAV servlet is not part of the BusinessObjects Enterprise web applications.
  • BusinessObjects Web applications do not use the WEBDAV servlet.
  • As such, the WEBDAV folder found in Tomcat\Webapps can be safely deleted without affecting other BusinessObjects Enterprise functionality.
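
To confirm the scanner finding is gone after the folder is deleted, the following added example (not part of the SAP article) sends an OPTIONS request to a server you administer and checks the Allow and DAV response headers for WebDAV methods. The function names, the URL passed on the command line and the sample headers are assumptions constructed for illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit

# WebDAV extension methods defined by RFC 4918.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Write-capable or diagnostic methods that scanners commonly flag as well.
OTHER_FLAGGED = {"PUT", "DELETE", "TRACE"}


def analyze_options(headers):
    """Classify an OPTIONS response from its headers (dict, any key case)."""
    h = {k.lower(): v for k, v in headers.items()}
    allowed = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    dav = h.get("dav", "").strip()
    return {
        "webdav_methods": sorted(allowed & WEBDAV_METHODS),
        "other_flagged": sorted(allowed & OTHER_FLAGGED),
        "dav_header": dav,
        # A DAV header or any RFC 4918 method means a WebDAV handler answered.
        "webdav_enabled": bool(dav) or bool(allowed & WEBDAV_METHODS),
    }


def check_url(url, timeout=5):
    """Send OPTIONS to url and analyze the reply headers."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("OPTIONS", parts.path or "/")
        resp = conn.getresponse()
        resp.read()
        result = analyze_options(dict(resp.getheaders()))
        result["status"] = resp.status
        return result
    finally:
        conn.close()


# Constructed sample headers: one with WebDAV advertised, one without.
SAMPLE_BEFORE = {"Allow": "OPTIONS, GET, HEAD, POST, DELETE, TRACE, PROPPATCH, COPY, MOVE, LOCK, UNLOCK, PROPFIND, PUT", "DAV": "1,2"}
SAMPLE_AFTER = {"Allow": "GET, HEAD, POST, OPTIONS"}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check_url(sys.argv[1]))
    else:
        print("before:", analyze_options(SAMPLE_BEFORE))
        print("after: ", analyze_options(SAMPLE_AFTER))
```

Run it with the URL of the former WEBDAV application as the only argument; with no argument it analyzes the two constructed samples.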

Keywords

Tomcat webdav security vulnerability XI3.1 , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

Product

Crystal Reports 2008 V0