Description
By manipulating the HTTP verb it was possible to bypass the authorization on this directory. The scanner sent a request with POST HTTP verb and managed to bypass the authorization. An application is vulnerable to HTTP Verb tampering if the following conditions hold:
- it uses a security control that lists HTTP verbs
- the security control fails to block verbs that are not listed
- it has GET functionality that is not idempotent or will execute with an arbitrary HTTP verb
For example, Apache with .htaccess is vulnerable if HTTP verbs are specified using the LIMIT keyword:
require valid-user
Remediation
In the case of Apache + .htaccess, don't use HTTP verb restrictions or use LimitExcept.
Check references for more information on how to fix this problem on other platforms.
References
Related Vulnerabilities
WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Security Bypass (1.3.5)
WordPress Plugin Best Image Gallery & Responsive Photo Gallery-FooGallery Security Bypass (1.6.15)
WordPress Plugin YITH Color and Label Variations for WooCommerce Security Bypass (1.8.11)
WordPress Plugin Import Export WordPress Users Security Bypass (1.3.8)
Drupal Core 9.1.x Multiple Security Bypass Vulnerabilities (9.1.0 - 9.1.12)