Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
File creation via HTTP method PUT - Vulnerability Database

File creation via HTTP method PUT

Description

Invicti was able to create a test file within this directory using the HTTP method PUT. The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload. A poorly configured Web server can mistakenly provide remote access to the PUT method without requiring any form of login.

Remediation

Restrict access for HTTP method PUT or if it's not being used, consider disabling it.

References

HTTP PUT request method

Related Vulnerabilities

PHP unspecified remote arbitrary file upload vulnerability Medium
Common tags: Arbitrary File Creation
Unrestricted File Upload High
Common tags: Arbitrary File Creation
Fortinet FortiNAC RCE via arbitrary file upload High
Common tags: Arbitrary File Creation
Lucee Server Arbitrary File Creation High
Common tags: Arbitrary File Creation
Dragonfly Arbitrary File Read/Write (CVE-2021-33564) High
Common tags: Arbitrary File Creation

Severity

High

Classification

CWE-669
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N

Tags

Arbitrary File Creation