Issue name

HTTP PUT method is enabled

Typical severity

High

Issue description

The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.

Issue remediation

Refer to your platform's documentation to determine how to disable the HTTP PUT method on the server.

References

Vulnerability classifications

Web intro