Exposed Dangerous Method or Function

CVE-2021-35243

Medium

5.3/10

Summary

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-749 - Exposed Dangerous Method or Function

The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References

Advisory Timeline

Published Dec 23, 2021

Exposed Dangerous Method or Function

CVE-2021-35243

Summary

CWE-749 - Exposed Dangerous Method or Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS