Publicly writable directory

High Web Application Scanning Plugin ID 98099

Synopsis

Publicly writable directory

Description

There are various methods in which a file (or files) may be uploaded to a
webserver. One method that can be used is the HTTP `PUT` method. The `PUT`
method is mainly used during development of applications and allows developers to
upload (or put) files on the server within the web root.

By nature of the design, the `PUT` method typically does not provide any filtering
and therefore allows sever side executable code (PHP, ASP, etc) to be uploaded to
the server.

Cyber-criminals will search for servers supporting the `PUT` method with the
intention of modifying existing pages, or uploading web shells to take control
of the server.

Scanner has discovered that the affected path allows clients to use the `PUT`
method. During this test, scanner has `PUT` a file on the server within the web
root and successfully performed a `GET` request to its location and verified the
contents.

Solution

Where possible the HTTP `PUT` method should be globally disabled. This can typically be done with a simple configuration change on the server. The steps to disable the `PUT` method will differ depending on the type of server being used (IIS, Apache, etc.).
For cases where the `PUT` method is required to meet application functionality, such as REST style web services, strict limitations should be implemented to ensure that only secure (SSL/TLS enabled) and authorised clients are permitted to use the `PUT` method.
Additionally, the server's file system permissions should also enforce strict limitations.

See Also

http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

Plugin Details

Severity: High

ID: 98099

Type: remote

Family: Web Servers

Published: 2017/03/31

Modified: 2017/10/16

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference Information