/alerttags/wstg-v42-conf-06/ Recent content in WSTG-V42-CONF-06 on ZAP Hugo en-us /docs/alerts/10058/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/10058/ <p>A request that was originally observed as a POST was also accepted as a GET. This issue does not represent a security weakness unto itself, however, it may facilitate simplification of other attacks. For example if the original POST is subject to Cross-Site Scripting (XSS), then this finding may indicate that a simplified (GET based) XSS may also be possible.</p> /docs/alerts/90028-4/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-4/ <p>The insecure HTTP method [CONNECT] is enabled for this resource, and is exploitable. It was found to be possible to establish a tunneled socket connection to a third party service, using this HTTP method. This would allow the service to be used as an anonymous spam relay, or as a web proxy, bypassing network restrictions. It also allows it to be used to establish a tunneled VPN, effectively extending the network perimeter to include untrusted components.</p> /docs/alerts/90028-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-1/ <p>The insecure HTTP method [DELETE] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.</p> /docs/alerts/90028-5/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-5/ <p>This HTTP method is a WEBDAV method: PROPFIND. If this server is not offering any WEBDAV services, these methods should not be available.</p> /docs/alerts/90028-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-2/ <p>The insecure HTTP method [PUT] is enabled on the web server for this resource. Depending on the web server configuration, and the underlying implementation responsible for serving the resource, this might or might not be exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability. The CONNECT method can be used by a web client to create an HTTP tunnel to third party websites or services.</p> /docs/alerts/90028-6/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-6/ <p>This method was originally intended for file management operations. It is now most commonly used in REST services, PUT is most-often utilized for <strong>update</strong> capabilities, PUT-ing to a known resource URI with the request body containing the newly-updated representation of the original resource.</p> /docs/alerts/90028-3/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90028-3/ <p>The insecure HTTP method [TRACE] is enabled for this resource, and is exploitable. The TRACK and TRACE methods may be used by an attacker, to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to be successful, the application user must typically be using an older web browser, or a web browser which has a Same Origin Policy (SOP) bypass vulnerability.</p>