  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 460

HTTP PUT and DELETE

1) Can I ask what the security impact of having HTTP PUT and HTTP DELETE on a server is? Can you provide a technical impact of what this may cause and a business impact of what (if exploited) this may cause?

2) What’s “at risk”, is it the availability of the server, or is it the data housed on the server/being pulled from the backend DB? I.e. how does the evidence of HTTP PUT compare to a SQL-injection flaw?

3) Are HTTP PUT and HTTP DELETE disabled in IIS? Is there a default on why HTTP commands are allowed and/or denied? Are by default HTTP PUT and DELETE allowed?

4) Should these be disabled during the server's build phase?

5) Is there any genuine reason why they would be enabled? I.e. any sort of web app that would rely on them?
Asked by: pma111
1 Solution
 
ahoffmann Commented:
1) files can be overwritten (PUT), newly created (PUT) or deleted (DELETE)
   obvious, somehow, isn't it ?-)

2) data of the web server, other backend is only at risk if you can PUT files which then can be executed (i.e. .php file)

3) ask your admin, i.g. if nothing is configured they are allowed

4) definitely yes (if you're talking about security)

5) yes, WebDAV
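
An added example, not part of the original answer: a Python check an administrator can run over an OPTIONS response captured from their own server to see whether PUT, DELETE or WebDAV methods are advertised. The sample responses are constructed, and the function names are this example's own.

```python
"""Audit a captured HTTP OPTIONS response for write-capable methods."""
from email.parser import Parser

WRITE_METHODS = {"PUT", "DELETE"}
# WebDAV extension methods (RFC 4918); seeing them suggests WebDAV is enabled.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


def parse_response(raw: str):
    """Split a raw HTTP response into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    status = int(status_line.split()[1])
    return status, Parser().parsestr(header_block, headersonly=True)


def audit_options(raw: str) -> dict:
    """Report which risky methods an OPTIONS response advertises."""
    status, headers = parse_response(raw)
    advertised = set()
    # Some servers (IIS among them) send a Public header as well as Allow.
    for name in ("Allow", "Public"):
        for value in headers.get_all(name, []):
            advertised |= {m.strip().upper() for m in value.split(",") if m.strip()}
    return {
        "status": status,
        "write_methods": sorted(advertised & WRITE_METHODS),
        "webdav_methods": sorted(advertised & WEBDAV_METHODS),
        "webdav_header": headers.get("DAV") is not None,
    }


# Constructed sample responses (not taken from a real server).
SAMPLE_WEBDAV = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, POST, PUT, DELETE, PROPFIND, MKCOL, LOCK, UNLOCK\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "DAV: 1,2\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_LOCKED = "HTTP/1.1 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("webdav", SAMPLE_WEBDAV), ("locked", SAMPLE_LOCKED)):
        print(label, audit_options(raw))
```

The Allow header is only what the server advertises; a method can be accepted without being listed, so confirm the result against the server's handler and verb configuration.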