Allowed HTTP Methods

Web App Scanning Plugin ID 98047

Synopsis

Allowed HTTP Methods

Description

A web server can accept a number of HTTP methods (`OPTIONS`, `HEAD`, `GET`, `POST`, `PUT`, `DELETE`, etc.). Each method performs a different function, and each carries its own level of risk when the server permits it: read-only methods such as `GET` and `HEAD` are normally required, whereas methods that create, replace or remove resources, such as `PUT` and `DELETE`, should only be reachable where the application actually uses them.

By sending an HTTP `OPTIONS` request and then a direct request using each method, the scanner determined which methods the server accepts. The direct requests matter because the `Allow` header returned for `OPTIONS` reflects what the server advertises, not necessarily what it will handle.

Solution

It is recommended that an allowlist (whitelist) approach be taken: explicitly permit only the HTTP methods the application requires and reject all others, typically with a `405 Method Not Allowed` response. On Apache this can be done with the `<LimitExcept>` directive linked under See Also; after applying the change, re-test with direct requests for each method rather than relying on the `Allow` header alone.
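The check described in the Description above, and the allowlist comparison the Solution calls for, as one added example. This is not Tenable's plugin code: it sends `OPTIONS`, parses the `Allow` header, then sends each method directly and keeps the ones that are not refused with 405 or 501, and finally reports which accepted methods fall outside an assumed allowlist. The target is a constructed local test server that advertises `GET, HEAD, OPTIONS, PUT` but also quietly handles `DELETE`, to show why the direct probes are needed; the probe method list and the allowlist are assumptions, not the plugin's own values.

```python
"""Probe which HTTP methods a server really accepts: OPTIONS first, then one
direct request per method (added example, not the scanner's own code)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed probe list; the plugin's own list is not published on this page.
PROBE_METHODS = ["OPTIONS", "HEAD", "GET", "POST", "PUT", "DELETE", "TRACE", "PATCH"]

# Status codes that mean "this method is not supported on this resource".
REJECT_CODES = {405, 501}


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed target: its Allow header does not match its behaviour."""

    ADVERTISED = "GET, HEAD, OPTIONS, PUT"  # what OPTIONS claims

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    def do_OPTIONS(self):
        self.send_response(204)
        self.send_header("Allow", self.ADVERTISED)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        self._reply(200, b"ok")

    def do_HEAD(self):
        self._reply(200)

    def do_PUT(self):
        self._reply(201)  # advertised and handled

    def do_DELETE(self):
        self._reply(204)  # handled but NOT advertised: only a direct probe finds it

    def do_POST(self):
        self._reply(405)  # explicitly refused

    # Any method without a do_* handler gets 501 from BaseHTTPRequestHandler.


def probe_methods(host, port, methods=PROBE_METHODS, path="/"):
    """Return (advertised, accepted): methods named in the OPTIONS Allow header,
    and {method: status} for methods not refused when sent directly."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("OPTIONS", path)
    resp = conn.getresponse()
    resp.read()
    allow = resp.getheader("Allow") or ""
    conn.close()
    advertised = {m.strip().upper() for m in allow.split(",") if m.strip()}

    accepted = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)  # fresh connection per probe
        conn.request(method, path)
        resp = conn.getresponse()
        resp.read()
        conn.close()
        if resp.status not in REJECT_CODES:
            accepted[method] = resp.status
    return advertised, accepted


def unexpected_methods(accepted, allowlist):
    """Methods the server accepts beyond the ones the application needs."""
    return sorted(set(accepted) - set(allowlist))


def run_demo(allowlist=("GET", "HEAD", "OPTIONS")):
    """Start the constructed server, probe it, and summarise the findings."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        host, port = server.server_address
        advertised, accepted = probe_methods(host, port)
    finally:
        server.shutdown()
        server.server_close()
    return {
        "advertised": sorted(advertised),
        "accepted": accepted,
        # accepted but missing from Allow: relying on OPTIONS alone would miss these
        "hidden": sorted(set(accepted) - advertised),
        # accepted but outside the assumed allowlist: what the Solution says to block
        "unexpected": unexpected_methods(accepted, allowlist),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Against a real target, replace the demo server with the host and port under test and keep the allowlist to the methods the application is known to need; anything reported under `unexpected` is a candidate for blocking, and anything under `hidden` shows that the server's `Allow` header cannot be trusted as the inventory.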

See Also

http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept

Plugin Details

Severity: Info

ID: 98047

Type: remote

Published: 3/31/2017

Updated: 2/27/2024

Scan Template: api, basic, full, pci, scan