Description

HTTP methods such as TRACE, PUT and DELETE are enabled on the server. These methods may allow an attacker to include and/or delete files, or perform cross-site tracing attacks.

Impact

- Include content, scripts, binaries or images from potentially malicious sources. - Increase the probability of carrying out attacks such as Cross-Site Scripting, Cross-Site Leaks, and others.

Recommendation

Configure secure methods for servers requests.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

Fixes