V14 - Config
Enabled HTTP PUT method allows creation of a malicious file on the server
POC
- Check the allowed HTTP methods: curl -v -X OPTIONS http:///test/
- Upload a malicious file: curl --upload-file -v --url -0 --http1.0
- Observe that the file is uploaded without any problem
- Try to achieve code execution using the malicious file
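An added example, not part of the original finding: a shell check for the first step that parses the Allow/Public headers of an OPTIONS response and reports the write-capable methods it advertises. The function names, the method list and the sample responses are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report write-capable methods advertised in an OPTIONS response.
# Live use (URL is a placeholder): curl -s -v -X OPTIONS "$URL" 2>&1 | risky_methods

# Methods that let a client create, change or remove server-side content.
RISKY_METHODS="PUT DELETE PATCH MKCOL COPY MOVE PROPPATCH"

# Constructed sample responses in `curl -v` form (header lines prefixed "< ").
SAMPLE_VULNERABLE='< HTTP/1.1 200 OK
< Allow: OPTIONS, GET, HEAD, POST, PUT, DELETE
< Content-Length: 0'
SAMPLE_HARDENED='< HTTP/1.1 200 OK
< allow: GET,HEAD,POST,OPTIONS
< Content-Length: 0'

# Read response headers on stdin; print each method named in Allow or Public
# (header name matched case-insensitively), one per line, upper-cased.
advertised_methods() {
  tr -d '\r' | sed 's/^< //' |
    awk -F': *' 'tolower($1) == "allow" || tolower($1) == "public" { print toupper($2) }' |
    tr ',' '\n' | tr -d ' \t' | sed '/^$/d' | sort -u
}

# Read response headers on stdin; print the risky methods found, space separated
# (empty line when none). Subshell body keeps the variables local.
risky_methods() (
  advertised="$(advertised_methods)"
  found=""
  for m in $RISKY_METHODS; do
    if printf '%s\n' "$advertised" | grep -qx "$m"; then
      found="${found:+$found }$m"
    fi
  done
  printf '%s\n' "$found"
)

for name in SAMPLE_VULNERABLE SAMPLE_HARDENED; do
  eval "sample=\$$name"
  hits="$(printf '%s\n' "$sample" | risky_methods)"
  echo "$name: ${hits:-no write methods advertised}"
done
```

The Allow header only reflects what the server advertises, so after remediation also confirm that a PUT request to the path is rejected (for example with a 405 response).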
Impact
Medium
Likelihood
Medium