Multiple Web Server Dangerous HTTP Method MOVE

1994-01-01T00:00:00
ID OSVDB:5647
Type osvdb
Reporter OSVDB
Modified 1994-01-01T00:00:00

Description

Vulnerability Description

Web Servers contain a flaw that may allow a remote attacker to arbitrary manipulate files. The issue is triggered when the HTTP method 'MOVE' is allowed. It is possible that the flaw may allow arbitrary file manipulation resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable the MOVE method if it is not essential for your site.

Short Description

Web Servers contain a flaw that may allow a remote attacker to arbitrary manipulate files. The issue is triggered when the HTTP method 'MOVE' is allowed. It is possible that the flaw may allow arbitrary file manipulation resulting in a loss of integrity.

References:

Related OSVDB ID: 397 Related OSVDB ID: 5646 Nessus Plugin ID:10498 Generic Informational URL: http://www.ietf.org/rfc/rfc1945.txt Generic Informational URL: http://www.ietf.org/rfc/rfc2616.txt Bugtraq ID: 12141