Security Assessment

Former Member · ‎03-19-2014

Hi Experts,

I am doing a scenario SOAP-RF C in SAP PI 7.1,PI will generate the WSDL file and it is consumed by third party,now the WSDL file is generated and the security team

has done the Vulnerability checks ,now they replied it as

HTTP PUT Method Site Defacement It was observed that remote server is allowing PUT method. This method allows a client to upload new files on the web server.

It was observed that remote server is allowing PUT method,this method allows a client to upload new files on the web server.

Also the impact is an attacker can exploit it by uploading malicious files (e.g.: an asp file that executes commands by invoking cmd.exe), or by simply using the victim's server as a file repository.

The recommendation they provide is to disable the ( PUT) method.

Can anyone please suggest your ideas.It will be very helpful.

Thanks,

kanag

Former Member · ‎03-19-2014

Hi Mark,

Thanks for your reply.I will inform the security team.

Regards,

kanag

markangelo_dihiansan · ‎03-19-2014

Hi,

The HTTP method supported by the SOAP Adapter in PI 7.1 is only POST. PUT, GET or DELETE will not work with it. It is best to raise this issue with your Network Security Team though.

Regards,

Mark

Security Assessment

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: SAP MDK: Attachment delete button not working ...

Re: ABAP2XLSX delete row

Re: SAP MDK: Attachment delete button not working ...

Re: SAP Analytics Cloud for planning - Set Advance...

Re: SAP Fiori Custom Tile Translation is not worki...