Solved

HTTP PUT and DELETE

Posted on 2012-03-12
1
445 Views
Last Modified: 2012-03-13
1) Can I ask what the security impact of having HTTP PUT and HTTP DELETE on a server are? Can you provide a technical impact of what this may cause and a business impact of what (if exploited) this may cause?

2) What’s “at risk”, is it the availability of the server, or is it the data housed on the server/being pulled from the backend DB? I.e. how does the evidence of HTTP PUT compare to a SQL-injection flaw?

3) Is HTTP PUT and HTTP DELETE disabled in IIS? Is there a default on why HTTP commands are allowed and/denied? Are by default HTTP PUT and DELETE allowed?

4) Should these be disabled during the servers build phase?

5) Is there any genuine reason why they would be enabled? I.e. any sort of web app that would rely on them?
0
Comment
Question by:pma111
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37713328
1) files can be overwritten (PUT), newly created (PUT) or deleted (DELETE)
   obvious, somehow, isn't it ?-)

2) data of the web server, other backand is only at risk if you can PUT files which then can be executed (i.e. .php file)

3) ask your admin, i.g. if nothing is configured they are allowed

4) definitely yes (if you're talking about security)

5) yesm WebDAV
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question