Hi
I was forwarded the following results from a colleague who discovered the following using Qualys. I've attempted to achieve/diagnose the same using Nessus. I am using Nessus 1.2.6 with latest plugins; no mention at all of any PUT/DELETE vulnerabilities reported when testing against the same target.

Any advice/assistance appreciated.

https://freescan.qualys.com/index.php?lsid=94

Vulnerability: HTTP method 'PUT' is enabled
Qualys ID : 86235
Diagnosis: HTTP allows a remote user to upload files to the Web server. If there is no restricted access, anyone can upload files onto the Web server. Existing files on the Web server could be overwritten.
Consequences: Successful exploitation of this vulnerability could lead to a complete compromise of the target host.
Solution: You should restrict or deactivate write access.

Vulnerability: HTTP method 'DELETE' is enabled
Qualys ID : 86237
Diagnosis: HTTP allows files or directories on the Web server to be deleted remotely. If there is no restricted access, anyone can remotely delete files or directories from the Web server.
Consequences: Successful exploitation of this vulnerability could lead to a complete compromise of the target host.
Solution: You should restrict or deactivate write access.

Regards
Andrew
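One way to cross-check findings like the two above independently of either scanner, shown as an added example that is not part of the original message and not code from Nessus or Qualys: parse a server's reply to an HTTP OPTIONS request and flag PUT/DELETE among the methods it advertises. The sample responses are constructed and the function names are hypothetical.

```python
import re

WRITE_METHODS = {"PUT", "DELETE"}  # the two methods named in the report above

def advertised_methods(raw_response: str) -> set:
    """Collect methods listed in Allow (and the legacy Public) response headers."""
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    methods = set()
    for line in head.splitlines()[1:]:            # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("allow", "public"):
            methods.update(m.strip().upper() for m in value.split(",") if m.strip())
    return methods

def triage(raw_response: str) -> dict:
    """Summarise one OPTIONS response for manual follow-up."""
    methods = advertised_methods(raw_response)
    flagged = sorted(methods & WRITE_METHODS)
    return {
        "advertised": sorted(methods),
        "write_methods": flagged,
        # Advertised is not the same as usable: whether write access is
        # restricted still has to be confirmed in the server configuration.
        "needs_review": bool(flagged),
        # No Allow/Public header at all tells us nothing either way.
        "inconclusive": not methods,
    }

# Constructed sample responses (not captured from any real host).
SAMPLE_WRITE = ("HTTP/1.1 200 OK\r\nServer: example\r\n"
                "Allow: OPTIONS, GET, HEAD, PUT, DELETE\r\nContent-Length: 0\r\n\r\n")
SAMPLE_READONLY = "HTTP/1.1 200 OK\r\nallow: GET,HEAD,OPTIONS\r\n\r\n"
SAMPLE_SILENT = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("write", SAMPLE_WRITE), ("read-only", SAMPLE_READONLY),
                       ("silent", SAMPLE_SILENT)):
        print(label, triage(raw))
```

A server that returns no Allow header is reported as inconclusive rather than clean, so it is not mistaken for a host with write methods disabled.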
