Solved

HTTP PUT and DELETE

Posted on 2012-03-12
1
446 Views
Last Modified: 2012-03-13
1) Can I ask what the security impact of having HTTP PUT and HTTP DELETE on a server are? Can you provide a technical impact of what this may cause and a business impact of what (if exploited) this may cause?

2) What’s “at risk”, is it the availability of the server, or is it the data housed on the server/being pulled from the backend DB? I.e. how does the evidence of HTTP PUT compare to a SQL-injection flaw?

3) Is HTTP PUT and HTTP DELETE disabled in IIS? Is there a default on why HTTP commands are allowed and/denied? Are by default HTTP PUT and DELETE allowed?

4) Should these be disabled during the servers build phase?

5) Is there any genuine reason why they would be enabled? I.e. any sort of web app that would rely on them?
0
Comment
Question by:pma111
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 37713328
1) files can be overwritten (PUT), newly created (PUT) or deleted (DELETE)
   obvious, somehow, isn't it ?-)

2) data of the web server, other backand is only at risk if you can PUT files which then can be executed (i.e. .php file)

3) ask your admin, i.g. if nothing is configured they are allowed

4) definitely yes (if you're talking about security)

5) yesm WebDAV
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
This article discusses four methods for overlaying images in a container on a web page
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
The viewer will learn how to count occurrences of each item in an array.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question