SAP Knowledge Base Article - Public

1620815 - How to disable Tomcat WEBDAV ?


  • Sometimes URL scan tools like AppScan report a Medium Vulnerability on Tomcat application server's WEBDAV servlet.
  • Suggested Remediation Tasks: Disable WebDAV, or disallow unneeded HTTP methods
  • Suggested Reasoning: The Allow header revealed that hazardous HTTP Options are allowed, indicating that WebDAV is enabled on the server.



Window 2008 platform
XI3.1 SP3 FP3.4
IBM Rational AppScan
BurpSuite Pro v1.3.09
IE 8.0.6001.18702CO


  • Tomcat WEBDAV servlet is not part of Business Objects Enterprise web applications. 
  • BusinessObjects Web applications do not use the WEBDAV servlet.
  • As such, the WEBDAV folder found in Tomcat\Webapps can be safely deleted without affecting other BusinessObjects Enterprise functionality.


Tomcat webdav security vulnerability XI3.1 , KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem


Crystal Reports 2008 V0