BleDummy1 / DummyRepo2

0 stars 0 forks source link

discovered on asset 52.48.251.197 #201

Open BleDummy1 opened 2 months ago

BleDummy1 commented 2 months ago

While the most well-known HTTP methods including HEAD, GET, POST and CONNECT are often essential to the functioning of a web application and safe, some lesser-known HTTP methods can create vulnerabilities. These include PUT and DELETE, which can open up the file system to remote access on misconfigured systems, and the debugging methods such as TRACK, TRACE, OPTIONS, and DEBUG which can help attackers to compromise sensitive data from sessions such as cookies. The TRACK and TRACE methods, in particular, can be used in cross-site tracing (XST) attacks to steal cookies, even those marked with the HttpOnly flag.

Severity: Informational

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS Score: 0.0

Recommendation: Disable all HTTP methods not in use by the web application.