Vulnerability : Web servers that respond to the OPTIONS HTTP method expose what other methods are available on CA Spectrum 21.2.1
Article ID: 247720

Products

CA Spectrum DX NetOps

Issue/Introduction

A recent vulnerability assessment (VA) scan reported the following finding:



Vulnerability Description:

Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts.

Vulnerability Solution:

* Disable HTTP OPTIONS method

Disable HTTP OPTIONS method on your web server. Refer to your web server's instruction manual on how to do this.

* Apache HTTPD

Disable HTTP OPTIONS Method for Apache

Disable the OPTIONS method by including the following in the Apache configuration:

    <Limit OPTIONS>
        # Order/Deny are Apache 2.2 access-control directives; on Apache 2.4 they
        # need mod_access_compat, and the native equivalent is "Require all denied".
        Order deny,allow
        Deny from all
    </Limit>

* Microsoft IIS

Disable HTTP OPTIONS Method for IIS

Disable the OPTIONS method by doing the following in the IIS manager:

    * Select the relevant site
    * Select Request Filtering and switch to the HTTP Verbs tab
    * Select Deny Verb from the Actions pane
    * Type OPTIONS into the provided text box and press OK

* nginx

Disable HTTP OPTIONS Method for nginx

Disable the OPTIONS method by adding the following to your server configuration; other HTTP methods that should remain allowed can be listed after POST:

    location / {
        # limit_except is only valid inside a location block; every method
        # not listed (OPTIONS included) is refused with 403
        limit_except GET POST { deny all; }
    }

Service Port: 8443

Environment

DX NetOps Spectrum Release : 21.2
Component : Spectrum OneClick

Resolution

If ModSecurity is not enabled, Spectrum is not affected by this reported finding.

The Spectrum Tomcat web server already handles OPTIONS requests: the method has been added to the forbidden list in the web.xml file, so a client sending an OPTIONS request to the Spectrum Tomcat web server does not receive the list of supported methods.
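To confirm the behaviour described above on a OneClick host (the scan reported port 8443), the following check is an added example and not part of this article or of Spectrum; the host, path and sample responses are assumptions, and the verdict logic is in assess() so it can be applied to any captured response.

```python
"""Added example: does a server disclose its supported methods in reply to OPTIONS?

Not part of the Broadcom article; host, path and sample headers are assumptions.
"""
import http.client
import ssl


def parse_allow(header_value):
    """Split an Allow header such as 'GET, HEAD, POST' into an upper-case method list."""
    if not header_value:
        return []
    return [m.strip().upper() for m in header_value.split(",") if m.strip()]


def assess(status, headers):
    """Classify one OPTIONS response.

    'disclosed'   : an Allow header names methods (a 405 must carry Allow per
                    RFC 9110, so it still leaks the list and scanners still flag it);
    'blocked'     : method refused without a method list (a Tomcat web.xml
                    security-constraint denial answers 403 this way);
    'inconclusive': anything else (redirects, 2xx without Allow, other errors).
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    methods = parse_allow(lowered.get("allow"))
    if methods:
        return "disclosed", methods
    if status in (403, 405):
        return "blocked", []
    return "inconclusive", []


def check_options(host, port=8443, path="/", verify_tls=True):
    """Send a single OPTIONS request over TLS and return assess()'s verdict."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # self-signed OneClick certificates are common in labs
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        return assess(resp.status, dict(resp.getheaders()))
    finally:
        conn.close()


# Constructed sample responses (not captured from a real host).
SAMPLE_EXPOSED = (200, {"Allow": "GET, HEAD, POST, OPTIONS, TRACE"})
SAMPLE_BLOCKED = (403, {"Content-Type": "text/html"})

if __name__ == "__main__":
    import sys
    print(check_options(sys.argv[1], verify_tls="--insecure" not in sys.argv))
```

A 'blocked' verdict against the OneClick port matches the Tomcat web.xml handling described here; a 'disclosed' verdict points at a front end (for example an Apache/ModSecurity proxy) answering before Tomcat does.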

ModSecurity is not enabled by default in Spectrum; it must be configured and started manually. Check the following to see whether ModSecurity has been enabled: