| VID |
22061 |
| Severity |
30 |
| Port |
80 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The web server allows the HTTP DELETE method.
Misconfigured web servers allow remote clients to perform dangerous HTTP methods such as PUT and DELETE. The DELETE method allows a client to delete an object on the web server. It is possible for a remote attacker to destroy some of your pages on the web server using the 'DELETE' method.
* References: http://www.iss.net/security_center/static/4253.php |
| Recommendation |
A properly configured Web server should not allow a remote client to perform dangerous HTTP methods such as PUT and DELETE. If this method is not used, it is recommended that it be disabled.
Ex) Apache
<Directory /abcd>
    # blocked methods
    <Limit PUT DELETE OPTIONS>
        Order deny,allow
        # refuse the listed methods for every client by default
        Deny from all
        # allowed IP
        Allow from IP
    </Limit>
</Directory> |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
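An added example, not part of the original advisory: a simplified Python model of how Apache 2.2 evaluates `Order`, `Allow from` and `Deny from` inside the `<Limit>` block from the Recommendation. It shows that with `Order deny,allow` the listed methods are refused only when a `Deny from` line is present; the dictionary layout, function names and sample IP addresses are assumptions constructed for illustration.

```python
"""Simplified model of Apache 2.2 Order/Allow/Deny evaluation inside <Limit>.

Constructed for illustration: hosts match only by exact IP or the keyword
"all"; real Apache also accepts CIDR ranges, partial addresses and hostnames.
"""

def host_matches(rule_hosts, client_ip):
    return any(h == "all" or h == client_ip for h in rule_hosts)

def limit_allows(limit, method, client_ip):
    """Return True if the request passes the <Limit> block.

    limit keys: methods (set the block restricts), order ("deny,allow" or
    "allow,deny"), allow / deny (hosts from 'Allow from' / 'Deny from' lines).
    """
    # <Limit> restricts only the listed methods; all others are untouched.
    if method.upper() not in limit["methods"]:
        return True
    allowed = host_matches(limit["allow"], client_ip)
    denied = host_matches(limit["deny"], client_ip)
    if limit["order"] == "deny,allow":
        # Deny is checked first, Allow overrides it; matching neither = allowed.
        return allowed or not denied
    if limit["order"] == "allow,deny":
        # Needs an Allow match and no Deny match; matching neither = denied.
        return allowed and not denied
    raise ValueError("unknown Order value: %r" % limit["order"])

ADMIN_IP = "192.0.2.10"    # constructed (TEST-NET-1), stands in for "IP"
OTHER_IP = "198.51.100.7"  # constructed (TEST-NET-2)

# <Limit> with Order deny,allow and an Allow line, but no Deny line.
WITHOUT_DENY = {"methods": {"PUT", "DELETE", "OPTIONS"}, "order": "deny,allow",
                "allow": [ADMIN_IP], "deny": []}
# The same block with 'Deny from all' added.
WITH_DENY = dict(WITHOUT_DENY, deny=["all"])

def report():
    """Evaluate both configurations for each sample client and method."""
    rows = []
    for name, cfg in (("without Deny", WITHOUT_DENY), ("with Deny from all", WITH_DENY)):
        for ip in (ADMIN_IP, OTHER_IP):
            for method in ("DELETE", "GET"):
                rows.append((name, ip, method, limit_allows(cfg, method, ip)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-20s %-13s %-6s allowed=%s" % row)
```

A result of `True` for GET only means this `<Limit>` block does not restrict it; use `<LimitExcept>` when every method outside a short allow list should be refused.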