on 03-19-2014 6:58 AM
Hi Experts,
I am doing a scenario SOAP-RF C in SAP PI 7.1,PI will generate the WSDL file and it is consumed by third party,now the WSDL file is generated and the security team
has done the Vulnerability checks ,now they replied it as
HTTP PUT Method Site Defacement It was observed that remote server is allowing PUT method. This method allows a client to upload new files on the web server.
It was observed that remote server is allowing PUT method,this method allows a client to upload new files on the web server.
Also the impact is an attacker can exploit it by uploading malicious files (e.g.: an asp file that executes commands by invoking cmd.exe), or by simply using the victim's server as a file repository.
The recommendation they provide is to disable the ( PUT) method.
Can anyone please suggest your ideas.It will be very helpful.
Thanks,
kanag
Hi Mark,
Thanks for your reply.I will inform the security team.
Regards,
kanag
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
The HTTP method supported by the SOAP Adapter in PI 7.1 is only POST. PUT, GET or DELETE will not work with it. It is best to raise this issue with your Network Security Team though.
Regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.