Json Yaml Insecure Http Methods Enabled
Description
Detects AWS S3 buckets configured with dangerous HTTP methods enabled in CloudFormation templates. When dangerous HTTP methods (such as DELETE or PUT) are enabled without proper restrictions, unauthorized users may be able to modify or delete bucket contents, leading to data breaches or availability issues.
Detection Strategy
• Scan CloudFormation template files for S3 bucket resource definitions
• Check if bucket Properties include configurations that enable dangerous HTTP methods
• Report vulnerability if S3 bucket allows unrestricted use of dangerous HTTP methods like DELETE or PUT
• Focus on Properties section within AWS::S3::Bucket resource type declarations
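The strategy above, worked through as an added example (not Fluid Attacks' own detector code): it loads a CloudFormation/SAM template, walks the Resources section and reports AWS::Serverless::Api MethodSettings entries whose HttpMethod is a wildcard, plus AWS::S3::Bucket CORS rules that grant PUT or DELETE to any origin. Mapping "bucket Properties that enable HTTP methods" to CorsConfiguration, and reading "unrestricted" as a wildcard AllowedOrigins, are this example's assumptions; the sample templates are constructed JSON forms of the page's YAML examples.

```python
import json

# Methods whose unrestricted use lets a caller modify or delete content.
DANGEROUS_METHODS = {"PUT", "DELETE", "*"}


def load_template(text):
    """Parse a CloudFormation/SAM template from JSON; fall back to YAML if PyYAML is installed."""
    try:
        return json.loads(text)
    except ValueError:
        import yaml  # optional dependency; templates using !Ref-style tags need a custom loader
        return yaml.safe_load(text)


def find_insecure_http_methods(template):
    """Return one finding per resource whose Properties enable dangerous HTTP methods."""
    findings = []
    for name, resource in (template.get("Resources") or {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties") or {}
        if rtype == "AWS::Serverless::Api":
            # SAM API: a MethodSettings entry with HttpMethod "*" opens every verb on that path
            for setting in props.get("MethodSettings") or []:
                method = str(setting.get("HttpMethod", "")).upper()
                if method in DANGEROUS_METHODS:
                    path = setting.get("ResourcePath", "?")
                    findings.append(f"{name}: MethodSettings allows HttpMethod {method} on {path}")
        elif rtype == "AWS::S3::Bucket":
            # S3 bucket: CORS rules are the bucket property that grants HTTP methods to browsers;
            # "unrestricted" is taken here to mean PUT/DELETE granted to a wildcard origin (assumption)
            rules = (props.get("CorsConfiguration") or {}).get("CorsRules") or []
            for rule in rules:
                allowed = {m.upper() for m in rule.get("AllowedMethods", [])}
                risky = sorted(allowed & DANGEROUS_METHODS)
                if risky and "*" in rule.get("AllowedOrigins", []):
                    findings.append(f"{name}: CORS rule allows {', '.join(risky)} from any origin")
    return findings


# Constructed sample templates (JSON form of the page's YAML examples, plus a bucket with CORS)
VULNERABLE_TEMPLATE = """{"Resources": {
  "MyApi": {"Type": "AWS::Serverless::Api", "Properties": {
    "MethodSettings": [{"ResourcePath": "/*", "HttpMethod": "*"}]}},
  "MyBucket": {"Type": "AWS::S3::Bucket", "Properties": {"CorsConfiguration": {
    "CorsRules": [{"AllowedOrigins": ["*"], "AllowedMethods": ["GET", "PUT", "DELETE"]}]}}}}}"""

SECURE_TEMPLATE = """{"Resources": {
  "MyApi": {"Type": "AWS::Serverless::Api", "Properties": {
    "MethodSettings": [{"ResourcePath": "/*", "HttpMethod": "GET", "MetricsEnabled": true}]}},
  "MyBucket": {"Type": "AWS::S3::Bucket", "Properties": {"CorsConfiguration": {
    "CorsRules": [{"AllowedOrigins": ["https://app.example.com"], "AllowedMethods": ["GET"]}]}}}}}"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_TEMPLATE), ("secure", SECURE_TEMPLATE)):
        print(label, find_insecure_http_methods(load_template(text)) or "no findings")
```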
Vulnerable code example
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      MethodSettings:
        - ResourcePath: "/*" # Vulnerable: Allows access to all paths
          HttpMethod: "*" # Vulnerable: Allows all HTTP methods
  MyBucket: ...

✅ Secure code example
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      MethodSettings:
        - ResourcePath: "/*"
          HttpMethod: "GET" # Restrict to only needed HTTP methods
          MetricsEnabled: true # Enable monitoring...