| VID | 22060 |
| Severity | 40 |
| Port | 80 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The web server allows the HTTP PUT method.
Misconfigured web servers allow remote clients to use dangerous HTTP methods such as PUT and DELETE. The PUT method allows a client to submit data to be saved on the web server under the file name specified by the URL, or to update a file on the web server with new data. This allows an attacker to run arbitrary code on your server or to plant a trojan horse.
* References: http://www.iss.net/security_center/static/4252.php |
| Recommendation |
A properly configured Web server should not allow a remote client to perform dangerous HTTP methods such as PUT and DELETE. If this method is not used, it is recommended that it be disabled.
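Ex) Apache
<Directory /abcd>
    # Methods listed in <Limit> are the blocked methods
    # (Order/Deny/Allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat)
    <Limit PUT DELETE OPTIONS>
        Order deny,allow
        Deny from all
        # Replace IP with the address allowed to use these methods
        Allow from IP
    </Limit>
</Directory> |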
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |