Web Server HTTP Dangerous Method Detection
High Nessus Plugin ID 10498
SynopsisThe remote web server allows the PUT and/or DELETE method.
DescriptionThe PUT method allows an attacker to upload arbitrary web pages on the server. If the server is configured to support scripts like ASP, JSP, or PHP it will allow the attacker to execute code with the privileges of the web server.
The DELETE method allows an attacker to delete arbitrary content from the web server.
SolutionDisable the PUT and/or DELETE method in the web server configuration.