
Test HTTP dangerous methods

Article ID: 10498
Last updated: 27 Jan, 2009
Views: 755
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.


This script is Copyright (C) 2000-2009 Tenable Network Security, Inc.

Family: Web Servers
Plugin ID: 10498
Bugtraq ID: 12141
CVE ID:

Description:
Synopsis :

The remote web server allows the PUT and/or DELETE method.

Description :

The PUT method allows an attacker to upload arbitrary web pages on
the server. If the server is configured to support scripts like ASP
or PHP, it will allow the attacker to execute code with the privileges
of the web server.

The DELETE method allows an attacker to delete arbitrary content from
the web server.

Solution :

Disable the PUT and/or DELETE method in the web server configuration.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
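
A log-side check to go with the solution above (an added example, not part of the Tenable plugin or the original article): it scans access-log lines, assumed to be in Common/Combined Log Format, for PUT and DELETE requests and separates those the server answered with a 2xx status from those it refused. The function name `audit_access_log` and the sample lines are constructed for illustration.

```python
import re

# Common/Combined Log Format (assumed):
# host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# The two methods the plugin description flags.
DANGEROUS = {"PUT", "DELETE"}


def audit_access_log(lines):
    """Return (accepted, rejected) lists of PUT/DELETE requests.

    accepted: the server answered 2xx, so it most likely acted on the method;
              confirm against the web server configuration.
    rejected: any other status (403, 405, 501, ...), so the method was refused.
    Each entry is (host, method, path, status).
    """
    accepted, rejected = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in DANGEROUS:
            continue
        hit = (m["host"], m["method"], m["path"], int(m["status"]))
        (accepted if 200 <= hit[3] < 300 else rejected).append(hit)
    return accepted, rejected


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2009:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Jan/2009:10:03:17 +0000] "PUT /upload/test.txt HTTP/1.1" 201 0',
    '192.0.2.44 - - [27/Jan/2009:10:03:20 +0000] "DELETE /upload/test.txt HTTP/1.1" 204 0',
    '198.51.100.7 - - [27/Jan/2009:10:05:41 +0000] "PUT /index.html HTTP/1.1" 405 312',
    '198.51.100.7 - - [27/Jan/2009:10:05:42 +0000] "DELETE /index.html HTTP/1.1" 403 298',
]

if __name__ == "__main__":
    accepted, rejected = audit_access_log(SAMPLE_LOG)
    for host, method, path, status in accepted:
        print(f"ACCEPTED {method} {path} from {host} -> {status}")
    print(f"{len(rejected)} PUT/DELETE request(s) refused by the server")
```

After the methods are disabled, every PUT or DELETE entry should land in the rejected list.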