DefenseCode

PUT File Upload

Risk type: MEDIUM

Description:

The HTTP PUT method allows a client to submit data to be saved on the web server under the filename specified by the URI, or to update an existing file with new data. This can allow an attacker to overwrite or modify existing sensitive files.

Mitigation:

  • Disable the HTTP PUT method when it is not needed.
  • Properly configure the web server so that a remote client cannot overwrite arbitrary files.
  • Properly sanitize and validate client requests.
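
One way to apply the three mitigations above in application code, as an added example that is not DefenseCode's own code: PUT is refused unless explicitly enabled, and when enabled it is confined to a dedicated upload directory, validated, and never allowed to overwrite an existing file. The function names, the /uploads/ prefix, the extension allow-list and the status codes returned are assumptions made for illustration.

```python
import os
from urllib.parse import unquote, urlsplit

BASE_METHODS = {"GET", "HEAD", "POST"}              # assumed baseline methods
PUT_PREFIX = "/uploads/"                            # assumed PUT-only URI space
PUT_EXTENSIONS = {".txt", ".csv", ".png"}           # assumed allow-list

def resolve_put_target(uri, upload_root):
    """Map a PUT URI to a file path inside upload_root, or raise ValueError."""
    path = unquote(urlsplit(uri).path)              # decode %2e%2e and friends once
    if "\x00" in path or "\\" in path:
        raise ValueError("illegal character in path")
    if not path.startswith(PUT_PREFIX):
        raise ValueError("PUT outside the upload area")
    parts = path[len(PUT_PREFIX):].split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("empty or traversal segment")
    if os.path.splitext(parts[-1])[1].lower() not in PUT_EXTENSIONS:
        raise ValueError("extension not allowed")
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, *parts))
    if os.path.commonpath([root, target]) != root:  # catches symlink escapes
        raise ValueError("target escapes upload root")
    if os.path.exists(target):
        raise ValueError("refusing to overwrite existing file")
    return target

def check_request(method, uri, upload_root, put_enabled=False):
    """Return (status, write_path); 200 means hand off to normal handling."""
    method = method.upper()
    if method == "PUT" and put_enabled:
        try:
            return 201, resolve_put_target(uri, upload_root)
        except ValueError:
            return 403, None
    if method not in BASE_METHODS:
        return 405, None                            # PUT disabled, or unknown verb
    return 200, None
```

The caller should create the returned path with an exclusive open (mode "x" in Python) so the no-overwrite rule also holds when two requests race for the same name.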