Recommendation
WebDAV should be disabled on the publish environment. This can be done by stopping the appropriate OSGi bundles.

Connect to the Felix Management Console running on:
http://<host>:<port>/system/console
For example http://localhost:4503/system/console/bundles.

In the list of bundles, find the bundle named:
a. Apache Sling Simple WebDAV Access to repositories (org.apache.sling.jcr.webdav)
   - Click the stop button (in the Actions column) to stop this bundle.
Again in the list of bundles, find the bundle named:
b. Apache Sling DavEx Access to repositories (org.apache.sling.jcr.davex)
   - Click the stop button to stop this bundle.

Note: A restart of AEM is not required.
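
The same procedure scripted against the console's HTTP interface, as an added example that is not part of the original post: it reads each bundle's state, sends a stop if the bundle is not already stopped, and exits non-zero if either bundle is still running. It assumes curl finds the console credentials in ~/.netrc; SAMPLE_JSON is a constructed response and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Console credentials are assumed
# to be in ~/.netrc so they never appear on the command line.
WEBDAV_BUNDLES="org.apache.sling.jcr.webdav org.apache.sling.jcr.davex"

# Constructed sample of a single-bundle console response (trimmed).
SAMPLE_JSON='{"status":"Bundle information","data":[{"id":301,"stateRaw":32,"state":"Active","symbolicName":"org.apache.sling.jcr.webdav"}]}'

# Pull the "state" string out of a single-bundle JSON response.
bundle_state() {
    printf '%s' "$1" | sed -n 's/.*"state":"\([^"]*\)".*/\1/p'
}

# Only Resolved/Installed count as stopped; an empty state (console
# unreachable, auth failure) is treated as not verified.
is_disabled() {
    case "$1" in
        Resolved|Installed) return 0 ;;
        *) return 1 ;;
    esac
}

fetch_bundle_json() {
    curl -s --netrc "$AEM_URL/system/console/bundles/$1.json"
}

stop_bundle() {
    curl -s -o /dev/null --netrc -F action=stop "$AEM_URL/system/console/bundles/$1"
}

main() {
    rc=0
    for b in $WEBDAV_BUNDLES; do
        state=$(bundle_state "$(fetch_bundle_json "$b")")
        if ! is_disabled "$state"; then
            stop_bundle "$b"
            state=$(bundle_state "$(fetch_bundle_json "$b")")
        fi
        if is_disabled "$state"; then
            echo "OK   $b: $state"
        else
            echo "FAIL $b: ${state:-unknown}"; rc=1
        fi
    done
    return $rc
}

# Runs only when given the publish base URL, e.g. http://localhost:4503
if [ "$#" -ge 1 ]; then AEM_URL=$1; main; fi
```

Run it with the publish instance's base URL as the only argument; the non-zero exit on a FAIL line makes it usable as a scheduled check that the bundles have stayed stopped.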

WebDAV related findings

Finding ID | JVM Name | Total risk | Effort to Fix
WD1 | Stop Apache Sling Simple WebDAV | Critical | Low
WD2 | Stop Apache Sling DavEx | Critical | Low