Details
Alert ID 90028-5
Alert Type Active
Status beta
Risk Informational
CWE 749
WASC 45
Technologies Targeted All
Tags CWE-749
OWASP_2017_A06
OWASP_2021_A05
OWASP_2025_A02
POLICY_DEV_FULL
POLICY_PENTEST
POLICY_QA_FULL
WSTG-V42-CONF-06
More Info Scan Rule Help

Summary

This HTTP method is a WEBDAV method: PROPFIND. If this server is not offering any WEBDAV services, these methods should not be available.

Solution

Disable insecure methods such as TRACK, TRACE, and CONNECT on the web server, and ensure that the underlying service implementation does not support insecure methods.

Other Info

See the discussion on stackexchange: https://security.stackexchange.com/questions/21413/how-to-exploit-http-methods

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/InsecureHttpMethodScanRule.java