CVE-2021-35243
HTTP PUT & DELETE Methods Enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Los métodos HTTP PUT y DELETE fueron habilitados en el servidor web de Web Help Desk (12.7.7 y anteriores), permitiendo a los usuarios ejecutar peticiones HTTP peligrosas. El método HTTP PUT se utiliza normalmente para cargar datos que se guardan en el servidor con una URL proporcionada por el usuario. Mientras que el método DELETE solicita que el servidor de origen elimine la asociación entre el recurso de destino y su funcionalidad actual. El uso inadecuado de estos métodos puede conducir a una pérdida de integridad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-22 CVE Reserved
- 2021-12-23 CVE Published
- 2024-09-06 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-749: Exposed Dangerous Method or Function
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Web Help Desk Search vendor "Solarwinds" for product "Web Help Desk" | <= 12.7.7 Search vendor "Solarwinds" for product "Web Help Desk" and version " <= 12.7.7" | - |
Affected
| ||||||