How To Disable WebDAV Extensions
WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers.
Many web servers enable WebDAV extensions by default, even when they are not needed. Because of its added complexity, it is considered good practice to disable WebDAV if it is not currently in use.
WebDAV is Web-based Distributed Authoring and Versioning, an extension to the HTTP protocol that allows content on a webserver to be managed remotely. Though the HTTP protocol does define GET, PUT, and DELETE methods, these are not sufficient for proper remote authoring (for instance, HTTP provides no method for creating a remote directory). These extensions are general enough to use a webserver as a repository for remote folders: Microsoft's "Web Folders" extension to Windows Explorer implemented this in a way that allowed for mostly-native access to a remote web repository as if it were a local folder right from the Windows desktop.
WebDAV is commonly used by web authoring systems, such as Adobe's Dreamweaver or Microsoft's Expression Web (the follow-on to FrontPage), to publish information to the webserver.
It performs mostly the same functions that FTP does for publishing content, though a bit more efficiently and with features more in line with web publishing than FTP. FTP has always been a somewhat problematic protocol with respect to firewalls, and WebDAV has none of those issues (though WebDAV is reported to have its own issues with proxies).
WebDAV extends, rather than replaces, the existing HTTP protocol, and a WebDAV-enabled server simply responds to a larger command set. This is best illustrated with this table showing the method names for the base HTTP protocol, WebDAV Extensions, and additional extensions supported by Microsoft.
Note that it's not necessary to understand the particulars here, but we feel that putting a new technology in context makes it easier to see where it fits in the big picture: consider it FYI-only.
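To check whether a server still advertises that larger command set, the following added example (not code from the original article) parses a raw HTTP OPTIONS response and separates WebDAV methods from base HTTP methods. The WebDAV method list is taken from RFC 4918, and the function name and both sample responses are constructed for illustration.

```python
from email.parser import Parser

# WebDAV methods defined by RFC 4918; base methods from the HTTP specification.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
BASE_HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

# Constructed sample responses (not captured from a real server).
SAMPLE_ENABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK\r\n"
    "DAV: 1, 2\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_DISABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, GET, HEAD, POST\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_options_response(raw: str) -> dict:
    """Report the WebDAV indicators found in a raw HTTP OPTIONS response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)

    advertised = set()
    # Allow is the standard header; some servers also send the older Public header.
    for name in ("Allow", "Public"):
        for value in headers.get_all(name, []):
            advertised.update(m.strip().upper() for m in value.split(",") if m.strip())

    # A DAV header lists the WebDAV compliance classes the server claims.
    dav_classes = [c.strip() for v in headers.get_all("DAV", [])
                   for c in v.split(",") if c.strip()]
    webdav = sorted(advertised & WEBDAV_METHODS)
    return {
        "status": status_line.strip(),
        "webdav_methods": webdav,
        "dav_classes": dav_classes,
        # Anything outside both sets, e.g. vendor-specific extensions.
        "other_methods": sorted(advertised - WEBDAV_METHODS - BASE_HTTP_METHODS),
        "webdav_enabled": bool(webdav or dav_classes),
    }

if __name__ == "__main__":
    for label, raw in (("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED)):
        print(label, parse_options_response(raw))
```

An OPTIONS response shows only what the server advertises, so confirm the result against the server's own module or feature configuration.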