TestID 10498 (http_methods.nasl) is the beast that tests for this. Unless someone made changes to this to break it, it should still work.

Note - this test also generated a fair number of false positives in the past (was that fixed?) due to IIS servers that had the PUT/DELETE methods respond as if they were a GET request. Perhaps Qualys is running afoul of that? Try contacting the server and issuing the request DELETE /index.html HTTP/1.0 (but only if it's YOUR server) and see what it responds back with.

Cheers,
Thomas

Andrew W Barkley wrote:
> Hi
>
> I was forwarded the following results from a colleague who discovered the
> following using Qualys; I've attempted to achieve/diagnose the same using
> Nessus. I am using Nessus 1.2.6 with the latest plugins, no mention at all of
> any PUT/DELETE vulnerabilities reported when testing against the same
> target. Any advice/assistance appreciated.
>
> https://freescan.qualys.com/index.php?lsid=94
>
> Vulnerability:
> HTTP method 'PUT' is enabled
> Qualys ID : 86235
>
> Diagnosis:
> HTTP allows a remote user to upload files to the Web server. If there is no
> restricted access, anyone can upload files onto the Web server. Existing
> files on the Web server could be overwritten.
>
> Consequences:
> Successful exploitation of this vulnerability could lead to a complete
> compromise of the target host.
>
> Solution:
> You should restrict or deactivate write access.
>
> Vulnerability:
> HTTP method 'DELETE' is enabled
> Qualys ID : 86237
>
> Diagnosis:
> HTTP allows files or directories on the Web server to be deleted remotely.
> If there is no restricted access, anyone can remotely delete files or
> directories from the Web server.
>
> Consequences:
> Successful exploitation of this vulnerability could lead to a complete
> compromise of the target host.
>
> Solution:
> You should restrict or deactivate write access.
>
> Regards
>
> Andrew
>
> -
> [EMAIL PROTECTED]: general discussions about Nessus.
> * To unsubscribe, send a mail to [EMAIL PROTECTED] with
> "unsubscribe nessus" in the body.
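As an added example (not from this thread, not the http_methods.nasl plugin, and not Qualys code), here is a small Python script that does what Thomas suggests: it sends a raw `DELETE /index.html HTTP/1.0` request and compares the answer with a plain `GET` of the same resource, so the IIS false positive he mentions (the server answering DELETE as if it were a GET) can be told apart from a genuinely enabled method. The host, port, path, function names and the sample responses are my own assumptions and constructions; only run the live `probe()` against a server you own, since a real DELETE is destructive.

```python
"""Probe an HTTP/1.0 server for DELETE (or PUT) handling and tell a genuinely
enabled method apart from the IIS-style false positive, where the server
answers an unsupported method exactly as it would a GET.

Added example, not part of the original mailing-list thread."""
import socket


def build_request(method: str, path: str, host: str, body: bytes = b"") -> bytes:
    """Raw HTTP/1.0 request, the same thing you would type by hand."""
    lines = [f"{method} {path} HTTP/1.0", f"Host: {host}", "Connection: close"]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_response(raw: bytes):
    """Return (status_code, headers_dict, body) from a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    head_lines = head.decode("latin-1").split("\r\n")
    status = int(head_lines[0].split(" ", 2)[1])
    headers = {}
    for line in head_lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def classify_delete(get_raw: bytes, delete_raw: bytes) -> str:
    """Compare a DELETE response with a GET of the same resource.

    Verdicts:
      'rejected'       server refused the method (401/403/405/501)
      'false-positive' DELETE answered 2xx but with the same body as GET,
                       i.e. the method was treated as a GET (the IIS case)
      'enabled'        DELETE answered 2xx with a different body; confirm
                       with a follow-up GET that now returns 404
      'other'          anything else (redirects, 5xx, ...)
    """
    g_status, _, g_body = parse_response(get_raw)
    d_status, _, d_body = parse_response(delete_raw)
    if d_status in (401, 403, 405, 501):
        return "rejected"
    if 200 <= d_status < 300:
        if g_status == 200 and d_body == g_body:
            return "false-positive"
        return "enabled"
    return "other"


def probe(host: str, port: int, path: str, method: str, timeout: float = 5.0) -> bytes:
    """Send one raw request and return the whole response (live use only;
    host/port/path are whatever YOUR server is, an assumption here)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(method, path, host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


# Constructed sample responses (not captured from any real server).
_PAGE = b"<html><body>hi</body></html>"
GET_OK = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
          b"Content-Length: 28\r\n\r\n" + _PAGE)
# IIS-style false positive: DELETE served exactly like a GET.
DELETE_AS_GET = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                 b"Content-Length: 28\r\n\r\n" + _PAGE)
# Properly locked-down server.
DELETE_REJECTED = (b"HTTP/1.0 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n"
                   b"Content-Length: 0\r\n\r\n")
# Method really is enabled: the resource was removed.
DELETE_ENABLED = b"HTTP/1.0 204 No Content\r\n\r\n"


if __name__ == "__main__":
    for name, resp in [("as-get", DELETE_AS_GET),
                       ("rejected", DELETE_REJECTED),
                       ("enabled", DELETE_ENABLED)]:
        print(name, "->", classify_delete(GET_OK, resp))
```

A scanner that only looks at the status code of the DELETE reply will report the first sample as "DELETE enabled"; comparing against the GET body is what separates that from the third sample, and on a live target the only real proof is a follow-up GET of the resource returning 404.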
