Multiple Web Server Dangerous HTTP Method DELETE

1994-01-01T00:00:00
ID OSVDB:5646
Type osvdb
Reporter OSVDB
Modified 1994-01-01T00:00:00

Description

Vulnerability Description

Web servers support the HTTP DELETE method. If the method is enabled, a remote client may be able to delete objects from the web server. This could allow an arbitrary user to alter web site content, causing a loss of integrity or availability.

Solution Description

If the DELETE method is not essential for your site, disable it in the web server configuration. Consult your documentation or vendor for detailed instructions on how to accomplish this.
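
To see whether DELETE is actually being honoured, before disabling it or to confirm the change took effect, the access log can be checked for DELETE requests that received a success status. This is an added example, not part of the OSVDB entry; it assumes Common/Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import namedtuple

# Common/Combined Log Format:
#   host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) '
)

# RFC 2616 section 9.7: a successful DELETE is answered with 200, 202 or 204.
DELETE_SUCCESS = {200, 202, 204}

Hit = namedtuple("Hit", "host time path status accepted")


def find_delete_requests(lines):
    """Return a Hit for every DELETE request found in access-log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "DELETE":
            continue  # unparseable line or a different method
        status = int(m.group("status"))
        hits.append(Hit(m.group("host"), m.group("time"), m.group("path"),
                        status, status in DELETE_SUCCESS))
    return hits


def accepted_deletes(lines):
    """DELETE requests the server honoured; each one needs follow-up."""
    return [h for h in find_delete_requests(lines) if h.accepted]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "DELETE /index.html HTTP/1.1" 204 0',
    '198.51.100.7 - - [10/Oct/2000:13:56:09 -0700] "DELETE /images/logo.gif HTTP/1.1" 405 312',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for h in accepted_deletes(SAMPLE_LOG):
        print(f"{h.time} {h.host} DELETE {h.path} -> {h.status} (accepted)")
```

A 405 or 501 on every DELETE line indicates the method is being refused; any 200, 202 or 204 means the server acted on the request.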

References:

Related OSVDB ID: 397
Related OSVDB ID: 5647
Nessus Plugin ID: 10498
ISS X-Force ID: 4253
Generic Informational URL: http://www.ietf.org/rfc/rfc1945.txt
Generic Informational URL: http://www.ietf.org/rfc/rfc2616.txt