Detections
Analytics
HTTP Methods Allowed (per directory)
info Nessus Plugin ID 43111
Language:
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
See Also
http://www.nessus.org/u?d9c03a9a
http://www.nessus.org/u?b019cbdb
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
Plugin Details
Severity: Info
ID: 43111
File Name: web_directory_options.nasl
Version: 1.12
Type: remote
Family: Web Servers
Published: 12/10/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus