HTTP Method?

• Previous message: Bennett Todd: "Re: Student-Degree valuable or not?"
• Next in thread: Kerbl Thomas Rudolf: "Re: HTTP Method?"
• Maybe reply: Kerbl Thomas Rudolf: "Re: HTTP Method?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: security-basics@securityfocus.com
Date: Fri, 26 Sep 2003 11:35:09 +0000

Hello, all.

I heard that some http method like DELETE, TRACE, CONNECT would not be
allowed.
Which security problem wolud be if one allow these methods in the web
server?

Thanks in Advance.

_________________________________________________________________
Çà¿îÀÇ ÁÖÀΰøÀÌ À̹ø¿£ ³ªÀϲ¨¾ß, ÁøÂ¥·ç... ÀÎÅÍ³Ý º¹±Ç
http://www.msn.co.kr/money/interlotto/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Bennett Todd: "Re: Student-Degree valuable or not?"
• Next in thread: Kerbl Thomas Rudolf: "Re: HTTP Method?"
• Maybe reply: Kerbl Thomas Rudolf: "Re: HTTP Method?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: HTTP Method? ... Subject: HTTP Method? ... security settings on your file systems are too weak. ... TRACE is a debugging method, after the server config worx for you, you should ... (Security-Basics) PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method ... The reason why we didn't consider this vulnerability a security risk is because the attacker needs to force the victim's browser to submit a malformed HTTP method. ... Apache 2.X returns a '413 Request Entity Too Large' error, ... When probing for XSS on the error page returned by the server we have 3 possible string vectors: ... (Bugtraq)