Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.104075
Category:Nmap NSE net
Title:Nmap NSE net: http-methods
Summary:Finds out what options are supported by an HTTP server by sending an OPTIONS request. Lists;potentially risky methods. Optionally tests each method individually to see if they are subject to;e.g. IP address restrictions.;;In this script, 'potentially risky' methods are anything except GET, HEAD, POST, and OPTIONS. If the;script reports potentially risky methods, they may not all be security risks, but you should check;to make sure. This referenced page lists the dangers of some common methods.;;The list of supported methods comes from the contents of the Allow and Public header fields. In;verbose mode, a list of all methods is printed, followed by the list of potentially risky methods.;Without verbose mode, only the potentially risky methods are shown.;;SYNTAX:;;http-methods.url-path: The path to request. Defaults to;'/'.;;http-methods.retest: If defined, do a request using each method;individually and show the response code. Use of this argument can;make this script unsafe, for example 'DELETE /' is possible.;;http-max-cache-size: The maximum memory size (in bytes) of the cache.;;http.pipeline: If set, it represents the number of HTTP requests that'll be;pipelined (ie, sent in a single request). This can be set low to make;debugging easier, or it can be set high to test how a server reacts (its;chosen max is ignored).
Description:Summary:
Finds out what options are supported by an HTTP server by sending an OPTIONS request. Lists
potentially risky methods. Optionally tests each method individually to see if they are subject to
e.g. IP address restrictions.

In this script, 'potentially risky' methods are anything except GET, HEAD, POST, and OPTIONS. If the
script reports potentially risky methods, they may not all be security risks, but you should check
to make sure. This referenced page lists the dangers of some common methods.

The list of supported methods comes from the contents of the Allow and Public header fields. In
verbose mode, a list of all methods is printed, followed by the list of potentially risky methods.
Without verbose mode, only the potentially risky methods are shown.

SYNTAX:

http-methods.url-path: The path to request. Defaults to
'/'.

http-methods.retest: If defined, do a request using each method
individually and show the response code. Use of this argument can
make this script unsafe, for example 'DELETE /' is possible.

http-max-cache-size: The maximum memory size (in bytes) of the cache.

http.pipeline: If set, it represents the number of HTTP requests that'll be
pipelined (ie, sent in a single request). This can be set low to make
debugging easier, or it can be set high to test how a server reacts (its
chosen max is ignored).

CVSS Score:
0.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:N

CopyrightCopyright (C) 2011 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.