Description

Acunetix WVS was able to create a test file within this directory using the HTTP method PUT. The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload. A poorly configured Web server can mistakenly provide remote access to the PUT method without requiring any form of login.

Remediation

Restrict access for HTTP method PUT or if it's not being used, consider disabling it.

References

Related Vulnerabilities

Severity

High

Classification

CWE-16

Tags

Arbitrary File Creation