HTTP PUT method is enabled

Description: HTTP PUT method is enabled

The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL. If enabled, an attacker may be able to place arbitrary, and potentially malicious, content into the application. Depending on the server's configuration, this may lead to compromise of other users (by uploading client-executable scripts), compromise of the server (by uploading server-executable code), or other attacks.

Remediation: HTTP PUT method is enabled

Refer to your platform's documentation to determine how to disable the HTTP PUT method on the server.

Vulnerability classifications

CWE-650: Trusting HTTP Permission Methods on the Server Side

Typical severity

High

Type index (hex)

0x00100900

Type index (decimal)

1050880

Burp Scanner

This issue - and many more like it - can be found using our web vulnerability scanner

Get Burp

Scan your web application from just $449.00

Find out more

How do I?	New Post	View All
Feature Requests	New Post	View All
Burp Extensions	New Post	View All
Bug Reports	New Post	View All