
Disable Put/Delete/Patch http method


Article ID: 243360


Products

CA Identity Manager

Issue/Introduction

Will the vulnerability solution below (disabling the PUT/DELETE/PATCH methods) have an impact on Identity Manager and Identity Portal?

Often Misused: HTTP Method Override (High)
URL: https://idm.myco.com:443/iam/im/myenv/ca12/index.jsp
Issue Details
Kingdom: API Abuse

Solution:

Disable the use of verb tunneling via such headers or query parameters. If a legitimate case exists for enabling this feature, restrict such requests to their intended purpose.
Request
POST /iam/im/myenv/ca12/index.jsp HTTP/1.1 
Referer: https://idm.myco.com/iam/im/myenv/ca12/index.jsp 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 79 
Accept: */* 
Pragma: no-cache 
Accept-Encoding: gzip, deflate 
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 
Host: idm.myco.com 
X-HTTP-METHOD: PUT 
X-HTTP-Method-Override: PUT 
X-METHOD-OVERRIDE: PUT 
Connection: Keep-Alive 
X-WIPP: AscVersion=21.2.0.122 
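The header-based verb tunneling shown in the finding, as an added example (not from the article or from CA Identity Manager): a small Python check that lists the override attempts in a request, rejects tunneled PUT/DELETE/PATCH by default, and honours an override only on an explicitly allow-listed path, which is the restriction the solution calls for. The `_method` query parameter is an assumed, commonly used override form and is not on the page.

```python
# Added example (not the article's or the product's code): detect verb-tunneling
# attempts and resolve the verb to act on. The `_method` parameter is an assumption.
from urllib.parse import parse_qs, urlsplit

OVERRIDE_HEADERS = ("x-http-method-override", "x-http-method", "x-method-override")
OVERRIDE_PARAMS = ("_method",)  # assumption: query-parameter variant of the override
TUNNELLED_VERBS = {"PUT", "DELETE", "PATCH"}

def parse_request(raw):
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    lines = raw.strip("\r\n").splitlines()
    method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # end of the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers

def find_override_attempts(raw):
    """Every (source, verb) pair asking the server to act on a different verb."""
    method, target, headers = parse_request(raw)
    attempts = [(h, headers[h].upper()) for h in OVERRIDE_HEADERS
                if h in headers and headers[h].upper() != method]
    query = parse_qs(urlsplit(target).query)
    attempts += [(p, v.upper()) for p in OVERRIDE_PARAMS
                 for v in query.get(p, []) if v.upper() != method]
    return attempts

def effective_method(raw, allow_override_paths=()):
    """Verb to act on: the real verb, unless the path is explicitly
    allow-listed for overrides (the 'legitimate case' in the solution)."""
    method, target, _ = parse_request(raw)
    attempts = find_override_attempts(raw)
    if attempts and urlsplit(target).path in allow_override_paths:
        return attempts[0][1]
    return method

def should_reject(raw):
    """Hardened default: refuse any attempt to tunnel PUT/DELETE/PATCH."""
    return any(v in TUNNELLED_VERBS for _, v in find_override_attempts(raw))

# Constructed sample, trimmed from the scanner request in the article.
SCAN_REQUEST = ("POST /iam/im/myenv/ca12/index.jsp HTTP/1.1\r\n"
                "Host: idm.myco.com\r\n"
                "X-HTTP-METHOD: PUT\r\nX-HTTP-Method-Override: PUT\r\n"
                "X-METHOD-OVERRIDE: PUT\r\n\r\n")
```

With the default (empty) allow-list, `effective_method(SCAN_REQUEST)` stays `POST` and `should_reject(SCAN_REQUEST)` is true; only a path placed in `allow_override_paths` ever sees the tunneled verb.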

Environment

Release : 14.3

Component : IdentityMinder (Identity Manager), Identity Portal

Cause

RFI

Resolution

If the SCIM REST API, Connector Xpress 2.0 and the Identity Portal functionality are not in use, applying the vulnerability solution (disabling the PUT/DELETE/PATCH methods) will not have an impact on Identity Manager.