Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP PUT & DELETE Methods Enabled
Vulnerability Description
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
暴露危险的方法或函数
Vulnerability Title
Solarwinds Web Help Desk 安全漏洞
Vulnerability Description
Solarwinds Web Help Desk是美国Solarwinds公司的一套服务台和资产管理软件。该软件支持集中式知识库、IT资产管理、项目和任务管理等功能。 Solarwinds Web Help Desk web server 12.7.6 及之前版本存在安全漏洞,该漏洞源于启用了HTTP PUT和DELETE方法,允许用户执行危险的HTTP请求。
CVSS Information
N/A
Vulnerability Type
N/A