Insecure HTTP Method

ID

insecure_http_method

Severity

high

Kind

Access Control

CWE

749

Description

Attackers most commonly begin by footprinting the target's web presence and enumerating as much information about it as possible. With that information, the attacker can build an accurate attack scenario that exploits a vulnerability in the specific software type and version running on the target host.

Multi-tier fingerprinting is similar to its predecessor, TCP/IP fingerprinting (with a scanner such as Nmap), except that it focuses on the Application Layer of the OSI model rather than the Transport Layer. The goal of this fingerprinting is to build an accurate profile of the target's platform, web application software, backend database version, configuration, and possibly even its network architecture and topology.

Rationale

Exposing dangerous HTTP methods such as PUT, DELETE, TRACE, or CONNECT lets attackers modify or remove resources, perform cross-site tracing attacks to steal credentials, or establish unauthorized connections through the server. An attacker can enumerate the available methods with an OPTIONS request and then exploit an overly permissive configuration to upload malicious files, delete critical resources, or bypass security controls. The TRACE method in particular enables Cross-Site Tracing (XST) attacks, which can capture HttpOnly cookies.

Remediation

Disable all HTTP methods except those explicitly required for application functionality (typically only GET and POST). Configure the web server to return 405 Method Not Allowed for any other method. In Apache, use the Limit directive in .htaccess or httpd.conf. In Nginx, use the limit_except directive. In IIS, use Request Filtering to block specific verbs. Ensure that application-level authorization checks validate both the requested resource and the HTTP method used. Regularly audit server configurations to verify that only the necessary methods remain enabled.
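Added example (not code from the original page): a WSGI middleware that enforces a per-path method allowlist at the application tier, answering 405 with the Allow header so an audit sees exactly what remains enabled, and refusing TRACE, TRACK and CONNECT even where a route table mistakenly lists them. The route table, the `hello` app and the `probe` helper are constructed for illustration; server-tier directives such as Apache's LimitExcept (which, unlike Limit, covers every method not named) or Nginx's limit_except still belong in front of it.

```python
from typing import Callable, Dict, FrozenSet, Iterable, Tuple

ALWAYS_DENIED = frozenset({"TRACE", "TRACK", "CONNECT"})  # never legitimate for a route


class MethodAllowlist:
    """Map each path prefix to the only methods it accepts; reject the rest with 405."""

    def __init__(self, app: Callable, routes: Dict[str, Iterable[str]]):
        self.app = app
        # Longest prefix wins, so "/api/admin" can be stricter than "/".
        self.routes = sorted(
            ((p, frozenset(m.upper() for m in ms)) for p, ms in routes.items()),
            key=lambda item: -len(item[0]))

    def allowed_for(self, path: str) -> FrozenSet[str]:
        for prefix, methods in self.routes:
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                return methods - ALWAYS_DENIED   # TRACE etc. never survive
        return frozenset()                       # unknown path: nothing allowed

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        allowed = self.allowed_for(environ.get("PATH_INFO", "/"))
        if method == "HEAD" and "GET" in allowed:   # HEAD is permitted wherever GET is
            method = "GET"
        if method not in allowed:
            # RFC 9110 requires an Allow header on every 405 response.
            start_response("405 Method Not Allowed",
                           [("Allow", ", ".join(sorted(allowed))),
                            ("Content-Type", "text/plain")])
            return [b"405 Method Not Allowed\n"]
        return self.app(environ, start_response)


def hello(environ, start_response):  # constructed stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


# Constructed route table; note the misconfigured TRACE on /api/admin.
app = MethodAllowlist(hello, {"/": ["GET"], "/api/items": ["GET", "POST"],
                              "/api/admin": ["GET", "POST", "DELETE", "TRACE"]})


def probe(wsgi_app, method: str, path: str) -> Tuple[str, Dict[str, str]]:
    """Drive a WSGI app with a constructed request; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(wsgi_app({"REQUEST_METHOD": method, "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"]
```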